Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 249833 (CVE-2008-5314) - app-antivirus/clamav<0.94.2 DOS in libclamav/special.c (CVE-2008-5314)
Summary: app-antivirus/clamav<0.94.2 DOS in libclamav/special.c (CVE-2008-5314)
Status: RESOLVED FIXED
Alias: CVE-2008-5314
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-12-04 18:53 UTC by Stefan Behte (RETIRED)
Modified: 2008-12-23 22:18 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2008-12-04 18:53:00 UTC 
CVE-2008-5314 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5314):
  Stack consumption vulnerability in libclamav/special.c in ClamAV
  before 0.94.2 allows remote attackers to cause a denial of service
  (daemon crash) via a crafted JPEG file, related to the
  cli_check_jpeg_exploit, jpeg_check_photoshop, and
  jpeg_check_photoshop_8bim functions.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-12-04 19:01:31 UTC 
Thanks to Tobi, we already have 0.94.2 in tree.

Arches, please test and mark stable:
=app-antivirus/clamav-0.94.2
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Comment 2 Markus Meier gentoo-dev 2008-12-04 22:37:16 UTC 
amd64/x86 stable
Comment 3 Raúl Porcel (RETIRED) gentoo-dev 2008-12-05 10:01:35 UTC 
alpha/ia64/sparc stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2008-12-06 18:20:05 UTC 
Stable for HPPA.
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2008-12-06 18:53:20 UTC 
ppc stable
Comment 6 Brent Baude (RETIRED) gentoo-dev 2008-12-08 19:37:48 UTC 
ppc6 done
Comment 7 Tobias Heinlein (RETIRED) gentoo-dev 2008-12-09 22:41:26 UTC 
GLSA request filed.
Comment 8 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-12-23 22:18:26 UTC 
GLSA 200812-21