VuXML entry for CVE-2008-0318 (libclamav)

Eygene Ryabinkin rea-fbsd at
Wed Feb 13 07:49:20 PST 2008

Good day.

Attached is the draft of the VuXML entry for the new ClamAV

>From what I had seen and from the comments of the iDefence
and ClamAV changelog, it seems that the vulnerable Petite PE
module is really disabled in daily.cfg.  The file has entries
'PE:0xbfff:13:23' and 'PE:0xdeff:24:25', while libclamav/dconf.h
has the following:
#define PE_CONF_PETITE            0x100
So, Petite compressor is disabled for f-levels 24 (0.92_sf)
and 25 (0.92).  23 is 0.92rc2 and Petite is enabled for it and
lower versions down to 13 (0.90).  F-versions were extracted from
libclamav/others.c, macro variable CL_FLEVEL.

So I had marked only clamav >= 0.92 and < 0.92.1 as vulnerable.

More information about the freebsd-security mailing list