CVE-2008-0318
Description
Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in ClamAV's PE scanner allows remote code execution via crafted Petite-packed PE file.
Vulnerability
An integer overflow vulnerability exists in the cli_scanpe function within libclamav in ClamAV versions prior to 0.92.1. The flaw is triggered when processing a specially crafted Petite packed PE file, leading to a heap-based buffer overflow [1][2][3]. The vulnerable code path is reachable wherever ClamAV scans such a file, for example during email gateway scanning or on-demand system scans.
Exploitation
An attacker can exploit this vulnerability by sending a malicious Petite-packed PE file to a system running an affected version of ClamAV. No authentication or special network position is required; the file only needs to be scanned by ClamAV (e.g., as an email attachment or via a scheduled scan). The integer overflow occurs during parsing, causing an undersized heap allocation that is subsequently overflowed with attacker-controlled data [2][3].
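Added example, not code from ClamAV or from this page: a minimal C sketch of the bug class described above, where a size computed from untrusted 32-bit header fields wraps and yields an undersized allocation, next to a checked form that rejects the input. The struct, field names, the MAX_UNPACK limit and the sample values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical layout: two 32-bit sizes read verbatim from an untrusted file.
   These are not ClamAV's structures or field names. */
struct sect_hdr { uint32_t vsize; uint32_t extra; };

#define MAX_UNPACK (64u * 1024u * 1024u)   /* assumed sanity limit */

/* Constructed sample headers. */
static const struct sect_hdr SAMPLE_OK   = { 4096u, 512u };
static const struct sect_hdr SAMPLE_WRAP = { 0xFFFFFFF0u, 0x20u };

/* Weak form: the 32-bit sum wraps modulo 2^32, so huge inputs yield a tiny size. */
static uint32_t alloc_size_unchecked(const struct sect_hdr *h)
{
    return h->vsize + h->extra;
}

/* Hardened form: reject wrap-around and implausible totals. Returns 0 on reject. */
static uint32_t alloc_size_checked(const struct sect_hdr *h, uint32_t limit)
{
    if (h->extra > UINT32_MAX - h->vsize)
        return 0;
    uint32_t total = h->vsize + h->extra;
    return (total > limit) ? 0 : total;
}

/* Every later write must also be bounded by the size actually allocated. */
static int copy_fits(uint32_t alloc, uint32_t offset, uint32_t len)
{
    return offset <= alloc && len <= alloc - offset;
}

int main(void)
{
    printf("unchecked(wrap) = %u bytes\n", (unsigned)alloc_size_unchecked(&SAMPLE_WRAP));
    printf("checked(wrap)   = %u (0 = rejected)\n", (unsigned)alloc_size_checked(&SAMPLE_WRAP, MAX_UNPACK));
    printf("checked(ok)     = %u bytes\n", (unsigned)alloc_size_checked(&SAMPLE_OK, MAX_UNPACK));
    printf("0x20-byte copy fits in 0x10? %d\n", copy_fits(0x10u, 0u, 0x20u));
    return 0;
}
```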
Impact
Successful exploitation results in a heap-based buffer overflow, which can cause a denial of service (crash) or potentially allow arbitrary code execution. The attacker gains code execution with the privileges of the ClamAV process, typically the clamav user or the system user if clamd is compromised [3]. This could lead to full system compromise depending on the process privileges.
Mitigation
The vulnerability is fixed in ClamAV version 0.92.1, released in February 2008. Users should upgrade to this version or later. Gentoo users can update via emerge --sync && emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.92.1" [3]. SuSE Linux Enterprise and other distributions have provided updated packages [1]. No workaround is available for unpatched installations [3].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
References (26)
- sourceforge.net/project/shownotes.php (nvd, Patch)
- secunia.com/advisories/28907 (nvd, Vendor Advisory)
- secunia.com/advisories/28913 (nvd, Vendor Advisory)
- secunia.com/advisories/28949 (nvd, Vendor Advisory)
- secunia.com/advisories/29001 (nvd, Vendor Advisory)
- secunia.com/advisories/29026 (nvd, Vendor Advisory)
- secunia.com/advisories/29048 (nvd, Vendor Advisory)
- secunia.com/advisories/29060 (nvd, Vendor Advisory)
- secunia.com/advisories/29420 (nvd, Vendor Advisory)
- www.vupen.com/english/advisories/2008/0503 (nvd, Vendor Advisory)
- www.vupen.com/english/advisories/2008/0606 (nvd, Vendor Advisory)
- www.vupen.com/english/advisories/2008/0924/references (nvd, Vendor Advisory)
- bugs.gentoo.org/show_bug.cgi (nvd)
- docs.info.apple.com/article.html (nvd)
- kolab.org/security/kolab-vendor-notice-19.txt (nvd)
- labs.idefense.com/intelligence/vulnerabilities/display.php (nvd)
- lists.apple.com/archives/security-announce/2008/Mar/msg00001.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html (nvd)
- security.gentoo.org/glsa/glsa-200802-09.xml (nvd)
- securitytracker.com/id (nvd)
- support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html (nvd)
- www.debian.org/security/2008/dsa-1497 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.securityfocus.com/bid/27751 (nvd)
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html (nvd)
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00481.html (nvd)