CVE-2008-1389

Summary

CVE	CVE-2008-1389
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-09-04 16:41:00 UTC
Updated	2026-04-23 00:35:47 UTC
Description	libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."

Risk And Classification

Primary CVSS: v2.0 5 from [email protected]

AV:N/AC:L/Au:N/C:N/I:N/A:P

Problem Types: CWE-399 | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Clam Anti-virus	Clamav	0.11	All	All	All
Application	Clam Anti-virus	Clamav	0.12	All	All	All
Application	Clam Anti-virus	Clamav	0.13	All	All	All
Application	Clam Anti-virus	Clamav	0.14	All	All	All
Application	Clam Anti-virus	Clamav	0.14	pre	All	All
Application	Clam Anti-virus	Clamav	0.15	All	All	All
Application	Clam Anti-virus	Clamav	0.20	All	All	All
Application	Clam Anti-virus	Clamav	0.21	All	All	All
Application	Clam Anti-virus	Clamav	0.22	All	All	All
Application	Clam Anti-virus	Clamav	0.23	All	All	All
Application	Clam Anti-virus	Clamav	0.24	All	All	All
Application	Clam Anti-virus	Clamav	0.51	All	All	All
Application	Clam Anti-virus	Clamav	0.52	All	All	All
Application	Clam Anti-virus	Clamav	0.53	All	All	All
Application	Clam Anti-virus	Clamav	0.54	All	All	All
Application	Clam Anti-virus	Clamav	0.60	All	All	All
Application	Clam Anti-virus	Clamav	0.60p	All	All	All
Application	Clam Anti-virus	Clamav	0.65	All	All	All
Application	Clam Anti-virus	Clamav	0.67	All	All	All
Application	Clam Anti-virus	Clamav	0.68	All	All	All
Application	Clam Anti-virus	Clamav	0.68.1	All	All	All
Application	Clam Anti-virus	Clamav	0.70	All	All	All
Application	Clam Anti-virus	Clamav	0.71	All	All	All
Application	Clam Anti-virus	Clamav	0.72	All	All	All
Application	Clam Anti-virus	Clamav	0.73	All	All	All
Application	Clam Anti-virus	Clamav	0.74	All	All	All
Application	Clam Anti-virus	Clamav	0.75	All	All	All
Application	Clam Anti-virus	Clamav	0.75.1	All	All	All
Application	Clam Anti-virus	Clamav	0.80	All	All	All
Application	Clam Anti-virus	Clamav	0.80	rc	All	All
Application	Clam Anti-virus	Clamav	0.80	rc2	All	All
Application	Clam Anti-virus	Clamav	0.80	rc3	All	All
Application	Clam Anti-virus	Clamav	0.80	rc4	All	All
Application	Clam Anti-virus	Clamav	0.81	All	All	All
Application	Clam Anti-virus	Clamav	0.81	rc1	All	All
Application	Clam Anti-virus	Clamav	0.82	All	All	All
Application	Clam Anti-virus	Clamav	0.83	All	All	All
Application	Clam Anti-virus	Clamav	0.84	All	All	All
Application	Clam Anti-virus	Clamav	0.84	rc1	All	All
Application	Clam Anti-virus	Clamav	0.84	rc2	All	All
Application	Clam Anti-virus	Clamav	0.85	All	All	All
Application	Clam Anti-virus	Clamav	0.85.1	All	All	All
Application	Clam Anti-virus	Clamav	0.86	All	All	All
Application	Clam Anti-virus	Clamav	0.86	rc1	All	All
Application	Clam Anti-virus	Clamav	0.86.1	All	All	All
Application	Clam Anti-virus	Clamav	0.86.2	All	All	All
Application	Clam Anti-virus	Clamav	0.87	All	All	All
Application	Clam Anti-virus	Clamav	0.87.1	All	All	All
Application	Clam Anti-virus	Clamav	0.88	All	All	All
Application	Clam Anti-virus	Clamav	0.88.1	All	All	All
Application	Clam Anti-virus	Clamav	0.88.2	All	All	All
Application	Clam Anti-virus	Clamav	0.88.3	All	All	All
Application	Clam Anti-virus	Clamav	0.88.4	All	All	All
Application	Clam Anti-virus	Clamav	0.88.5	All	All	All
Application	Clam Anti-virus	Clamav	0.88.6	All	All	All
Application	Clam Anti-virus	Clamav	0.88.7	All	All	All
Application	Clam Anti-virus	Clamav	0.90	All	All	All
Application	Clam Anti-virus	Clamav	0.90.1	All	All	All
Application	Clam Anti-virus	Clamav	0.90.2	All	All	All
Application	Clam Anti-virus	Clamav	0.90.3	All	All	All
Application	Clam Anti-virus	Clamav	0.91	All	All	All
Application	Clam Anti-virus	Clamav	0.91.1	All	All	All
Application	Clam Anti-virus	Clamav	0.91.2	All	All	All
Application	Clam Anti-virus	Clamav	0.92	All	All	All
Application	Clam Anti-virus	Clamav	0.92.1	All	All	All
Application	Clam Anti-virus	Clamav	0.93	All	All	All
Application	Clam Anti-virus	Clamav	0.93.1	All	All	All
Application	Clam Anti-virus	Clamav	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
ClamAV CHM Processing Denial of Service - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
[SECURITY] Fedora 9 Update: clamav-0.93.3-2.fc9	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
404 Not Found	af854a3a-2127-422b-91ae-364da2661108	kolab.org
Kolab Server ClamAV Denial of Service - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
ClamAV: Multiple Denials of Service — Gentoo Linux Documentation	af854a3a-2127-422b-91ae-364da2661108	security.gentoo.org
Support / Security / Advisories / / MDVSA-2008:189 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
[security-announce] SUSE Security Summary Report: SUSE-SR:2008:018	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org
[SECURITY] Fedora 8 Update: clamav-0.92.1-4.fc8	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
About Security Update 2008-007	af854a3a-2127-422b-91ae-364da2661108	support.apple.com
Clam AntiVirus CHM Unpacking Bug Lets Remote Users Deny Service - SecurityTracker	af854a3a-2127-422b-91ae-364da2661108	www.securitytracker.com
Bug 1089 – clamav chm handler: crasher bugs	af854a3a-2127-422b-91ae-364da2661108	wwws.clamav.net
ClamAV 'chmunpack.c' Invalid Memory Access Denial Of Service Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Gentoo update for clamav - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
svn.clamav.net/svn/clamav-devel/trunk/ChangeLog	af854a3a-2127-422b-91ae-364da2661108	svn.clamav.net
Fedora update for clamav - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
clamav: Crash with crafted chm, CVE-2008-1389	af854a3a-2127-422b-91ae-364da2661108	int21.de
APPLE-SA-2008-10-09 Security Update 2008-007	af854a3a-2127-422b-91ae-364da2661108	lists.apple.com
SourceForge.net: Files	af854a3a-2127-422b-91ae-364da2661108	sourceforge.net	Patch
RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

690294 Free Berkeley Software Distribution (FreeBSD) Security Update for clamav (da5c4072-8082-11dd-9c8c-001c2514716c)