CVE-2008-1100
Description
Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Heap-based buffer overflow in ClamAV's UPack PE scanner allows remote attackers to execute arbitrary code via a crafted file.
Vulnerability
A heap-based buffer overflow vulnerability exists in the cli_scanpe() function in libclamav/pe.c of ClamAV versions 0.92 and 0.92.1 [1]. The flaw is triggered when scanning a Portable Executable (PE) file that has been packed with the UPack executable packer [1]. A boundary error during unpacking causes a heap buffer overflow, potentially allowing an attacker to overwrite adjacent memory [1].
Exploitation
An attacker can exploit this vulnerability by crafting a malicious UPack PE file and delivering it to a target system [1]. No authentication is required; the attacker only needs to entice a user or automated system (e.g., an email gateway running ClamAV) to scan the file [2]. Once scanned, the overflow occurs within the cli_scanpe() function, leading to code execution [1].
Impact
Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running ClamAV (commonly a limited system account or the clamav user if running as clamd) [1][2]. Alternatively, the overflow can cause ClamAV to crash, resulting in a denial of service [1].
Mitigation
Users should upgrade to ClamAV version 0.93, which was released to address this vulnerability [1]. As a workaround, the ClamAV team disabled scanning of UPack-packed PE files in older versions, but this limits functionality [1]. Administrators should also avoid running clamscan as root to limit the impact of potential compromises [1]. No other workaround is known [2].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 3
Patches: 0. No patches discovered yet.
References (28)
- secunia.com/advisories/29000 (nvd, Vendor Advisory)
- secunia.com/secunia_research/2008-11/advisory/ (nvd, Vendor Advisory)
- www.kb.cert.org/vuls/id/858595 (nvd, US Government Resource)
- www.us-cert.gov/cas/techalerts/TA08-260A.html (nvd, US Government Resource)
- kolab.org/security/kolab-vendor-notice-20.txt (nvd)
- lists.apple.com/archives/security-announce//2008/Sep/msg00005.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html (nvd)
- lists.opensuse.org/opensuse-updates/2015-05/msg00024.html (nvd)
- secunia.com/advisories/29863 (nvd)
- secunia.com/advisories/29886 (nvd)
- secunia.com/advisories/29891 (nvd)
- secunia.com/advisories/29975 (nvd)
- secunia.com/advisories/30253 (nvd)
- secunia.com/advisories/30328 (nvd)
- secunia.com/advisories/31882 (nvd)
- security.gentoo.org/glsa/glsa-200805-19.xml (nvd)
- www.debian.org/security/2008/dsa-1549 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.securityfocus.com/bid/28756 (nvd)
- www.securityfocus.com/bid/28784 (nvd)
- www.securitytracker.com/id (nvd)
- www.vupen.com/english/advisories/2008/1218/references (nvd)
- www.vupen.com/english/advisories/2008/2584 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/41789 (nvd)
- www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html (nvd)
- www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html (nvd)
- www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html (nvd)
- wwws.clamav.net/bugzilla/show_bug.cgi (nvd)