[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: clamav get_unicode_name()
From:       Tomas Hoger <thoger () redhat ! com>
Date:       2008-11-13 9:19:29
Message-ID: 20081113101929.0dcbb14e () redhat ! com
[Download RAW message or body]

On Thu, 13 Nov 2008 10:06:17 +0100 Thomas Biege <thomas@suse.de> wrote:

> AFAIK no CVE-ID was assigned for the following issue yet.

It was, see NVD site.

CVE-2008-5050

Off-by-one error in the get_unicode_name function
(libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1
allows remote attackers to cause a denial of service (crash) or
possibly execute arbitrary code via a crafted VBA project file, which
triggers a heap-based buffer overflow.

HTH

-- 
Tomas Hoger / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]