201688 – (CVE-2006-4018) Clam AntiVirus Win32-UPX Heap Overflow

Bug 201688 (CVE-2006-4018) - Clam AntiVirus Win32-UPX Heap Overflow

Summary: Clam AntiVirus Win32-UPX Heap Overflow

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2006-4018
Product:	Fedora
Classification:	Fedora
Component:	clamav
Sub Component:
Version:	4
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	urgent
Target Milestone:	---
Assignee:	Enrico Scholz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:	http://www.overflow.pl/adv/clamav_upx...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-08-08 11:05 UTC by Dirk Nehring
Modified:	2007-11-30 22:11 UTC (History)
CC List:	2 users (show)
Fixed In Version:	0.88.5-1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-11-06 13:39:53 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Dirk Nehring 2006-08-08 11:05:25 UTC

Description of problem:
Remote exploitation of a heap overflow vulnerability could allow execution of
arbitrary code or cause denial of service.

Vulnerability exists in pefromupx() function, that is used to buil Win32 PE file
from UPX packed file.

Version-Release number of selected component (if applicable):

0.88.3

Comment 1 Lubomir Kundrak 2006-09-14 15:18:29 UTC

CVE-2006-4018
This is already fixed in 0.88.4.

Note You need to log in before you can comment on or make changes to this bug.