Search for vulnerabilities
Vulnerability details: VCID-zgcu-1xzj-aaaj
Vulnerability ID VCID-zgcu-1xzj-aaaj
Aliases CVE-2008-0318
Summary Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-189 Numeric Errors
System Score Found at
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.09717 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.12397 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.12397 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.12397 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.15622 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.15622 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.15622 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.15622 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.15622 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.15622 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.15622 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.15622 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.15622 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.15622 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.15622 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.15622 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.15622 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.15622 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.15622 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.19022 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.37508 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.37508 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.37508 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.37508 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.37508 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.37508 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.37508 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.37508 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.37508 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.38183 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.45179 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.45179 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
epss 0.45179 https://api.first.org/data/v1/epss?cve=CVE-2008-0318
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=432753
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2008-0318
Reference id Reference type URL
http://bugs.gentoo.org/show_bug.cgi?id=209915
http://docs.info.apple.com/article.html?artnum=307562
http://kolab.org/security/kolab-vendor-notice-19.txt
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0318.json
https://api.first.org/data/v1/epss?cve=CVE-2008-0318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0318
http://secunia.com/advisories/28907
http://secunia.com/advisories/28913
http://secunia.com/advisories/28949
http://secunia.com/advisories/29001
http://secunia.com/advisories/29026
http://secunia.com/advisories/29048
http://secunia.com/advisories/29060
http://secunia.com/advisories/29420
http://security.gentoo.org/glsa/glsa-200802-09.xml
http://securitytracker.com/id?1019394
http://sourceforge.net/project/shownotes.php?release_id=575703
http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00481.html
http://www.debian.org/security/2008/dsa-1497
http://www.mandriva.com/security/advisories?name=MDVSA-2008:088
http://www.securityfocus.com/bid/27751
http://www.vupen.com/english/advisories/2008/0503
http://www.vupen.com/english/advisories/2008/0606
http://www.vupen.com/english/advisories/2008/0924/references
432753 https://bugzilla.redhat.com/show_bug.cgi?id=432753
cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*
CVE-2008-0318 https://nvd.nist.gov/vuln/detail/CVE-2008-0318
GLSA-200802-09 https://security.gentoo.org/glsa/200802-09
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2008-0318
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.922
EPSS Score 0.09717
Published At April 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.