clamav

2006-10-1900:00:00

Google

osv.dev

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Several remote vulnerabilities have been discovered in the ClamAV malware
scan engine, which may lead to the execution of arbitrary code. The
Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2006-4182
Damian Put discovered a heap overflow error in the script to rebuild
PE files, which could lead to the execution of arbitrary code.
CVE-2006-5295
Damian Put discovered that missing input sanitising in the CHM
handling code might lead to denial of service.

For the stable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.11. Due to technical problems with the build host
this update lacks a build for the Sparc architecture. It will be
provided soon.

For the unstable distribution (sid) these problems have been fixed in
version 0.88.5-1.

We recommend that you upgrade your clamav packages.

CPENameOperatorVersion
clamaveq0.84-2.sarge.7
clamaveq0.84-2.sarge.10
clamaveq0.84-2.sarge.6
clamaveq0.84-2
clamaveq0.84-2.sarge.2
clamaveq0.84-2.sarge.4
clamaveq0.84-2.sarge.5
clamaveq0.84-2.sarge.3
clamaveq0.84-2.sarge.9
clamaveq0.84-2.sarge.8

Name	Operator	Version
clamav	eq	0.84-2.sarge.7
clamav	eq	0.84-2.sarge.10
clamav	eq	0.84-2.sarge.6
clamav	eq	0.84-2
clamav	eq	0.84-2.sarge.2
clamav	eq	0.84-2.sarge.4
clamav	eq	0.84-2.sarge.5
clamav	eq	0.84-2.sarge.3
clamav	eq	0.84-2.sarge.9
clamav	eq	0.84-2.sarge.8