Overview
A vulnerability in the way Clam AntiVirus processes Portable Executable (PE) files may lead to execution of arbitrary code.
Description
Clam AntiVirus is a GPL virus scanner that has built-in support for for a number of file types including PE. According to iDefense Public Advisory: 10.15.06: While processing certain PE elements, two variables can be very large and integer overflow could occur. This would result in less memory being allocated than was expected by the programmer and subsequent code would overflow the heap buffer. |
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service condition. |
Solution
Update |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=422
- http://kolab.org/security/kolab-vendor-notice-13.txt
- http://www.securityfocus.com/bid/20535
- http://www.frsirt.com/english/advisories/2006/4034
- http://www.frsirt.com/english/advisories/2006/4136
- http://securitytracker.com/id?1017068
- http://secunia.com/advisories/22370
- http://secunia.com/advisories/22421
- http://secunia.com/advisories/22498
- http://secunia.com/advisories/22488
- http://secunia.com/advisories/22537
- http://xforce.iss.net/xforce/xfdb/29607
Acknowledgements
This issue was reported in File Release Notes and Changelog for Clam AntiVirus 0.88.5.
This document was written by Chris Taschner.
Other Information
| CVE IDs: | CVE-2006-4182 |
| Severity Metric: | 10.40 |
| Date Public: | 2006-10-16 |
| Date First Published: | 2006-11-07 |
| Date Last Updated: | 2006-11-07 21:41 UTC |
| Document Revision: | 14 |