Launchpad.net

CVE 2006-4182

Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected.

Related bugs and status

CVE-2006-4182 (Candidate) is related to these bugs:

Bug #66510: Security vulnerability in ClamAV

Summary				In	Importance	Status
	66510	Security vulnerability in ClamAV		clamav (Ubuntu)	High	Fix Released
	66510	Security vulnerability in ClamAV		clamav (Ubuntu Dapper)	High	Fix Released

Bug #83065: Please backport clamav 0.88.7-1ubuntu1 to edgy from feisty

Summary				In	Importance	Status
	83065	Please backport clamav 0.88.7-1ubuntu1 to edgy from feisty		Edgy Backports	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

IDEFENSE: 20061016 Clam AntiViru...
BID: 20535
SECUNIA: 22370
SUSE: SUSE-SA:2006:060
SECTRACK: 1017068
SECUNIA: 22421
SECUNIA: 22498
CONFIRM: http://kolab.org/secur...
DEBIAN: DSA-1196
SECUNIA: 22488
SECUNIA: 22537
GENTOO: GLSA-200610-10
SECUNIA: 22551
SECUNIA: 22626
CERT-VN: VU#180864
CONFIRM: http://docs.info.apple...
APPLE: APPLE-SA-2006-11-28
CERT: TA06-333A
SECUNIA: 23155
MANDRIVA: MDKSA-2006:184
VUPEN: ADV-2006-4034
VUPEN: ADV-2006-4136
VUPEN: ADV-2006-4264
VUPEN: ADV-2006-4750
XF: clamav-rebuildpe-bo(29...