CVE-2008-2713

Summary

CVE	CVE-2008-2713
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-06-16 21:41:00 UTC
Updated	2026-04-23 00:35:47 UTC
Description	libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.

Risk And Classification

Primary CVSS: v2.0 5 from [email protected]

AV:N/AC:L/Au:N/C:N/I:N/A:P

Problem Types: CWE-399 | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Clam Anti-virus	Clamav	0.15	All	All	All
Application	Clam Anti-virus	Clamav	0.20	All	All	All
Application	Clam Anti-virus	Clamav	0.21	All	All	All
Application	Clam Anti-virus	Clamav	0.22	All	All	All
Application	Clam Anti-virus	Clamav	0.23	All	All	All
Application	Clam Anti-virus	Clamav	0.24	All	All	All
Application	Clam Anti-virus	Clamav	0.51	All	All	All
Application	Clam Anti-virus	Clamav	0.52	All	All	All
Application	Clam Anti-virus	Clamav	0.53	All	All	All
Application	Clam Anti-virus	Clamav	0.54	All	All	All
Application	Clam Anti-virus	Clamav	0.60	All	All	All
Application	Clam Anti-virus	Clamav	0.60p	All	All	All
Application	Clam Anti-virus	Clamav	0.65	All	All	All
Application	Clam Anti-virus	Clamav	0.67	All	All	All
Application	Clam Anti-virus	Clamav	0.68	All	All	All
Application	Clam Anti-virus	Clamav	0.68.1	All	All	All
Application	Clam Anti-virus	Clamav	0.70	All	All	All
Application	Clam Anti-virus	Clamav	0.71	All	All	All
Application	Clam Anti-virus	Clamav	0.72	All	All	All
Application	Clam Anti-virus	Clamav	0.73	All	All	All
Application	Clam Anti-virus	Clamav	0.74	All	All	All
Application	Clam Anti-virus	Clamav	0.75	All	All	All
Application	Clam Anti-virus	Clamav	0.75.1	All	All	All
Application	Clam Anti-virus	Clamav	0.80	All	All	All
Application	Clam Anti-virus	Clamav	0.80_rc1	All	All	All
Application	Clam Anti-virus	Clamav	0.80_rc2	All	All	All
Application	Clam Anti-virus	Clamav	0.80_rc3	All	All	All
Application	Clam Anti-virus	Clamav	0.80_rc4	All	All	All
Application	Clam Anti-virus	Clamav	0.81	All	All	All
Application	Clam Anti-virus	Clamav	0.81_rc1	All	All	All
Application	Clam Anti-virus	Clamav	0.82	All	All	All
Application	Clam Anti-virus	Clamav	0.83	All	All	All
Application	Clam Anti-virus	Clamav	0.84	All	All	All
Application	Clam Anti-virus	Clamav	0.84_rc1	All	All	All
Application	Clam Anti-virus	Clamav	0.84_rc2	All	All	All
Application	Clam Anti-virus	Clamav	0.85	All	All	All
Application	Clam Anti-virus	Clamav	0.85.1	All	All	All
Application	Clam Anti-virus	Clamav	0.86	All	All	All
Application	Clam Anti-virus	Clamav	0.86.1	All	All	All
Application	Clam Anti-virus	Clamav	0.86.2	All	All	All
Application	Clam Anti-virus	Clamav	0.86_rc1	All	All	All
Application	Clam Anti-virus	Clamav	0.87	All	All	All
Application	Clam Anti-virus	Clamav	0.87.1	All	All	All
Application	Clam Anti-virus	Clamav	0.88	All	All	All
Application	Clam Anti-virus	Clamav	0.88.1	All	All	All
Application	Clam Anti-virus	Clamav	0.88.3	All	All	All
Application	Clam Anti-virus	Clamav	0.88.4	All	All	All
Application	Clam Anti-virus	Clamav	0.88.5	All	All	All
Application	Clam Anti-virus	Clamav	0.88.6	All	All	All
Application	Clam Anti-virus	Clamav	0.88.7	All	All	All
Application	Clam Anti-virus	Clamav	0.90	All	All	All
Application	Clam Anti-virus	Clamav	0.90.1	All	All	All
Application	Clam Anti-virus	Clamav	0.90.2	All	All	All
Application	Clam Anti-virus	Clamav	0.90rc1	All	All	All
Application	Clam Anti-virus	Clamav	0.90_rc1.1	All	All	All
Application	Clam Anti-virus	Clamav	0.90_rc2	All	All	All
Application	Clam Anti-virus	Clamav	0.90_rc3	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
Kolab Server ClamAV Petite Processing Denial of Service - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
SourceForge.net: Clam AntiVirus: Files	af854a3a-2127-422b-91ae-364da2661108	sourceforge.net
oss-security - Re: CVE id request: Clamav	af854a3a-2127-422b-91ae-364da2661108	www.openwall.com
SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Webmail \| OVH- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
Gentoo update for clamav - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Astaro update for ClamAV - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
wwws.clamav.net/bugzilla/show_bug.cgi	af854a3a-2127-422b-91ae-364da2661108	wwws.clamav.net
APPLE-SA-2008-09-15 Mac OS X v10.5.5 and Security Update 2008-006	af854a3a-2127-422b-91ae-364da2661108	lists.apple.com
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
[security-announce] SUSE Security Summary Report SUSE-SR:2008:015	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org
Fedora update for clamav - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
oss-security - CVE id request: Clamav	af854a3a-2127-422b-91ae-364da2661108	www.openwall.com
Debian -- Security Information -- DSA-1616-2 clamav	af854a3a-2127-422b-91ae-364da2661108	www.debian.org
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
US-CERT Technical Cyber Security Alert TA08-260A -- Apple Updates for Multiple Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.us-cert.gov	US Government Resource
svn.clamav.net/websvn/diff.php	af854a3a-2127-422b-91ae-364da2661108	svn.clamav.net	Exploit
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
[SECURITY] Fedora 9 Update: clamav-0.93.1-1.fc9	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
Debian update for clamav - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Fedora update for clamav - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
ClamAV Petite Processing Denial of Service Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
404 Not Found	af854a3a-2127-422b-91ae-364da2661108	kolab.org
Support / Security / Advisories / / MDVSA-2008:122 \| Mandriva	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
Up2Date Announcements: Up2Date ASG V7.300 GA Release	af854a3a-2127-422b-91ae-364da2661108	up2date.astaro.com
[SECURITY] Fedora 8 Update: clamav-0.92.1-3.fc8	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
Clam AntiVirus Memory Access Bug in Processing Petite Formatted Files Lets Remote Users Deny Service - SecurityTracker	af854a3a-2127-422b-91ae-364da2661108	www.securitytracker.com
ClamAV 'petite.c' Invalid Memory Access Denial Of Service Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
[security-announce] SUSE Security Summary Report SUSE-SR:2008:014	af854a3a-2127-422b-91ae-364da2661108	lists.opensuse.org
ClamAV: Multiple Denials of Service — Gentoo Linux Documentation	af854a3a-2127-422b-91ae-364da2661108	security.gentoo.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.