Bug 201688 (CVE-2006-4018)

Summary: Clam AntiVirus Win32-UPX Heap Overflow
Product: [Fedora] Fedora Reporter: Dirk Nehring <dnehring>
Component: clamavAssignee: Enrico Scholz <rh-bugzilla>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: medium    
Version: 4CC: extras-qa, fedora-security-list
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.overflow.pl/adv/clamav_upx_heap.txt
Whiteboard:
Fixed In Version: 0.88.5-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-11-06 13:39:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dirk Nehring 2006-08-08 11:05:25 UTC 
Description of problem:
Remote exploitation of a heap overflow vulnerability could allow execution of
arbitrary code or cause denial of service.

Vulnerability exists in pefromupx() function, that is used to buil Win32 PE file
from UPX packed file.

Version-Release number of selected component (if applicable):

0.88.3
Comment 1 Lubomir Kundrak 2006-09-14 15:18:29 UTC 
CVE-2006-4018
This is already fixed in 0.88.4.