CVE-2008-5747 - Resource Management Errors vulnerability in F Prot F Prot Antivirus 4.6.8






F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass anti-virus protection via a crafted ELF program with a "corrupted" header that still allows the program to be executed. NOTE: due to an error in the initial disclosure, F-Secure was incorrectly stated as the vendor.


F-PROT Antivirus for Linux is a virus scanning application for the Linux operating system. The application is prone to a denial-of-service vulnerability because it fails to handle malformed files. Successful exploits will crash the affected application, resulting in a denial-of-service condition. Given the nature of this issue, code execution may be possible, but this has not been confirmed. F-PROT Antivirus for Linux 4.6.8 is vulnerable; other versions may also be affected.


NOTE: The vendor reports that the issue described affects a version of F-PROT that is no longer supported. The vendor recommends that customers upgrade to the current version, which is not vulnerable to this issue.


Currently we are not aware of any working exploits.


CWE-399 - Resource Management Errors

Risk level (CVSS AV:N/AC:L/Au:N/C:N/I:N/A:P)

  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial

Affected Products

Vendor   Product            Versions
F Prot   F Prot Antivirus   4.6.8