Date: Wed, 3 Dec 2008 11:54:18 -0500 (EST) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com cc: coley@...us.mitre.org Subject: Re: CVE request: clamav 0.94.2 Note that we try to avoid the term "stack overflow" since it's often used for buffer overflows. - Steve ====================================================== Name: CVE-2008-5314 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5314 Reference: MLIST:[clamav-announce] 20081126 announcing ClamAV 0.94.2 Reference: URL:http://lurker.clamav.net/message/20081126.150241.55b1e092.en.html Reference: MLIST:[oss-security] 20081201 CVE request: clamav 0.94.2 Reference: URL:http://www.openwall.com/lists/oss-security/2008/12/01/8 Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266 Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.