CVE-2008-1387

Summary

CVE	CVE-2008-1387
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-04-16 16:05:00 UTC
Updated	2018-10-11 20:33:00 UTC
Description	ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Clam Anti-virus	Clamav	0.90	All	All	All
Application	Clam Anti-virus	Clamav	0.90.1	All	All	All
Application	Clam Anti-virus	Clamav	0.90rc1	All	All	All
Application	Clam Anti-virus	Clamav	0.90_rc1.1	All	All	All
Application	Clam Anti-virus	Clamav	0.90_rc2	All	All	All
Application	Clam Anti-virus	Clamav	0.90_rc3	All	All	All
Application	Clam Anti-virus	Clamav	0.91	All	All	All
Application	Clam Anti-virus	Clamav	0.92	All	All	All
Application	Clam Anti-virus	Clamav	0.90	All	All	All
Application	Clam Anti-virus	Clamav	0.90.1	All	All	All
Application	Clam Anti-virus	Clamav	0.90rc1	All	All	All
Application	Clam Anti-virus	Clamav	0.90_rc1.1	All	All	All
Application	Clam Anti-virus	Clamav	0.90_rc2	All	All	All
Application	Clam Anti-virus	Clamav	0.90_rc3	All	All	All
Application	Clam Anti-virus	Clamav	0.91	All	All	All
Application	Clam Anti-virus	Clamav	0.92	All	All	All

References

Reference	Source	Link	Tags
Just a moment...	CONFIRM	www.clamav.net
Kolab Server ClamAV Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
APPLE-SA-2008-09-15 Mac OS X v10.5.5 and Security Update 2008-006	APPLE	lists.apple.com
404 Not Found	CONFIRM	kolab.org
SecurityFocus	BUGTRAQ	www.securityfocus.com
Fedora update for clamav - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive	MISC	www.ee.oulu.fi
CERT-FI - CERT-FI and CPNI Joint Vulnerability Advisory on Archive Formats	MISC	www.cert.fi	Exploit, Patch
Up2Date Announcements: Up2Date ASG V7.300 GA Release	CONFIRM	up2date.astaro.com
[SECURITY] Fedora 7 Update: clamav-0.92.1-2.fc7	FEDORA	www.redhat.com
[SECURITY] Fedora 8 Update: clamav-0.92.1-2.fc8	FEDORA	www.redhat.com
Gentoo update for clamav - Advisories - Secunia	SECUNIA	secunia.com
[security-announce] SUSE Security Announcement: clamav (SUSE-SA:2008:024	SUSE	lists.opensuse.org
Fedora update for clamav - Advisories - Secunia	SECUNIA	secunia.com
US-CERT Technical Cyber Security Alert TA08-260A -- Apple Updates for Multiple Vulnerabilities	CERT	www.us-cert.gov	US Government Resource
clamav: Endless loop / hang with crafter arj, CVE-2008-1387	MISC	int21.de
Astaro update for ClamAV - Advisories - Secunia	SECUNIA	secunia.com
[SECURITY] Fedora 9 Update: clamav-0.93-1.fc9	FEDORA	www.redhat.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
Security Advisories \| Mandriva Linux	MANDRIVA	www.mandriva.com
SUSE update for clamav - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
ClamAV 0.92.1 Multiple Vulnerabilities	BID	www.securityfocus.com
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
ClamAV: Multiple vulnerabilities — Gentoo Linux Documentation	GENTOO	security.gentoo.org
ClamAV ARJ File Denial Of Service Vulnerability	BID	www.securityfocus.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.