CVE-2008-5050

Publication date 13 November 2008

Last updated 24 July 2024


Ubuntu priority

Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.

Status

Package Ubuntu Release Status
clamav 8.10 intrepid
Fixed 0.94.dfsg.1-1ubuntu0.1
8.04 LTS hardy
Fixed 0.92.1~dfsg2-1.1ubuntu0.3
7.10 gutsy
Fixed 0.92.1~dfsg2-1.1~gutsy3.1ubuntu1
6.06 LTS dapper
Fixed 0.92.1~dfsg2-1.1~dapper3.2

References

Related Ubuntu Security Notices (USN)

    • USN-672-1
    • ClamAV vulnerability
    • 17 November 2008

Other references