oss-sec mailing list archives
Re: CVE request: clamav get_unicode_name() off-by-one buffer overflow
From: Tomas Hoger <thoger () redhat com>
Date: Thu, 13 Nov 2008 10:19:29 +0100
On Thu, 13 Nov 2008 10:06:17 +0100 Thomas Biege <thomas () suse de> wrote:

> AFAIK no CVE-ID was assigned for the following issue yet.

It was, see NVD site.

CVE-2008-5050
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.

HTH

--
Tomas Hoger / Red Hat Security Response Team