Launchpad CVE tracker

CVE 2006-4018

Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.

Related bugs and status

CVE-2006-4018 (Candidate) is related to these bugs:

Bug #59915: clamav in dapper vulnerable to critical heap overflow

Summary				In	Importance	Status
	59915	clamav in dapper vulnerable to critical heap overflow		clamav (Ubuntu)	Undecided	Fix Released

Bug #83065: Please backport clamav 0.88.7-1ubuntu1 to edgy from feisty

Summary				In	Importance	Status
	83065	Please backport clamav 0.88.7-1ubuntu1 to edgy from feisty		Edgy Backports	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.overflow.pl...
CONFIRM: http://www.clamav.net/...
GENTOO: GLSA-200608-13
BID: 19381
SECUNIA: 21374
SECUNIA: 21368
SECUNIA: 21433
SUSE: SUSE-SA:2006:046
SECTRACK: 1016645
SECUNIA: 21457
CONFIRM: http://kolab.org/secur...
DEBIAN: DSA-1153
TRUSTIX: 2006-0046
SECUNIA: 21443
SECUNIA: 21497
SECUNIA: 21562
MANDRIVA: MDKSA-2006:138
VUPEN: ADV-2006-3175
VUPEN: ADV-2006-3275
XF: clamav-pefromupx-bo(28...
BUGTRAQ: 20060809 [Overflow.pl]...

Launchpad.net

CVE 2006-4018

Related bugs and status

Related bugs

References