CVE-2008-1389

EPSS 8.17% · P92 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-1389

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

ClamAV chmunpack.c无效内存访问拒绝服务漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Clam AntiVirus是Unix的GPL杀毒工具包，很多邮件网关产品都在使用。 ClamAV的libclamav/chmunpack.c文件在解析CHM文件时存在无效的内存访问，如果用户受骗打开了特制的CHM文件就可能导致拒绝服务。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2008-1389

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2008-1389

请登录查看更多情报信息。

http://kolab.org/security/kolab-vendor-notice-22.txtx_refsource_CONFIRM
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089x_refsource_CONFIRM
http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=623661x_refsource_CONFIRM
http://support.apple.com/kb/HT3216x_refsource_CONFIRM
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLogx_refsource_CONFIRM
http://int21.de/cve/CVE-2008-1389-clamav-chd.htmlx_refsource_MISC
http://secunia.com/advisories/31725third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/31982third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/31681vdb-entryx_refsource_BID
http://secunia.com/advisories/32222third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/32699third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/31906third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/32030third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/30994vdb-entryx_refsource_BID
http://www.securitytracker.com/id?1020805vdb-entryx_refsource_SECTRACK
http://www.vupen.com/english/advisories/2008/2564vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/2484vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/2780vdb-entryx_refsource_VUPEN
http://security.gentoo.org/glsa/glsa-200809-18.xmlvendor-advisoryx_refsource_GENTOO
http://www.mandriva.com/security/advisories?name=MDVSA-2008:189vendor-advisoryx_refsource_MANDRIVA
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.htmlvendor-advisoryx_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.htmlvendor-advisoryx_refsource_SUSE
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.htmlvendor-advisoryx_refsource_FEDORA
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlvendor-advisoryx_refsource_APPLE
https://nvd.nist.gov/vuln/detail/CVE-2008-1389

Same Patch Batch · n/a · 2008-09-04 · 36 CVEs total

CVE-2008-3909		Django Login Form 跨站脚本攻击漏洞
CVE-2008-3930		Debian Citadel_server 后置链接漏洞
CVE-2008-3931		R 'javareconf' 不安全临时文件创建漏洞
CVE-2007-6716		Linux kernel 安全漏洞
CVE-2008-3904		Lightweight X11 Desktop Environment 'src/main-win.c'任意代码执行漏洞
CVE-2008-3905		Ruby 'resolv.rb' Predictable Transaction ID and Source Port DNS欺骗漏洞
CVE-2008-3906		Mono System.Web模块HTTP头注入漏洞
CVE-2008-3907		Newsbeuter Crafted URI 远程任意外壳指令注入漏洞
CVE-2008-3908		WordNet多个缓冲区溢出漏洞
CVE-2008-3929		Ampache 不安全临时文件创建漏洞
CVE-2008-3910		Dns2tcp 'dns_decode'函数负值处理缓冲区溢出漏洞
CVE-2008-3911		Linux Kernel proc_do_xprt()函数本地栈溢出漏洞
CVE-2008-2441		Cisco Secure ACS EAP响应报文解析拒绝服务漏洞
CVE-2008-2732		Cisco PIX ASA 错误SIP处理漏洞
CVE-2008-2733		Cisco ASA IPSec客户端认证处理漏洞
CVE-2008-2734		Cisco ASA SSL VPN 特制报文拒绝服务攻击漏洞
CVE-2008-2735		Cisco ASA SSL VPN 特制报文拒绝服务攻击漏洞
CVE-2008-2736		Cisco ASA VPN信息泄露漏洞
CVE-2008-3921		Telartis_bv Awstats_totals 月年参数跨站攻击漏洞
CVE-2008-3932		Wireshark 输入验证错误漏洞

Showing top 20 of 36 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2008-1389

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2008-1389

I. Basic Information for CVE-2008-1389

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2008-1389

III. Intelligence Information for CVE-2008-1389

Same Patch Batch · n/a · 2008-09-04 · 36 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2008-1389

Leave a comment