Launchpad.net

CVE 2006-5295

Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."

Related bugs and status

CVE-2006-5295 (Candidate) is related to these bugs:

Bug #66510: Security vulnerability in ClamAV

Summary				In	Importance	Status
	66510	Security vulnerability in ClamAV		clamav (Ubuntu)	High	Fix Released
	66510	Security vulnerability in ClamAV		clamav (Ubuntu Dapper)	High	Fix Released

Bug #83065: Please backport clamav 0.88.7-1ubuntu1 to edgy from feisty

Summary				In	Importance	Status
	83065	Please backport clamav 0.88.7-1ubuntu1 to edgy from feisty		Edgy Backports	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

IDEFENSE: 20061016 Clam AntiViru...
BID: 20537
SECUNIA: 22370
SUSE: SUSE-SA:2006:060
SECTRACK: 1017068
SECUNIA: 22421
SECUNIA: 22498
CONFIRM: http://kolab.org/secur...
DEBIAN: DSA-1196
SECUNIA: 22488
SECUNIA: 22537
GENTOO: GLSA-200610-10
SECUNIA: 22551
SECUNIA: 22626
MANDRIVA: MDKSA-2006:184
VUPEN: ADV-2006-4034
VUPEN: ADV-2006-4136
VUPEN: ADV-2006-4264
XF: clamav-chm-dos(29608)