CVE-2006-4182

Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected.

🔗 References (50)

• cve@mitrehttp://docs.info.apple.com/article.html?artnum=304829
• cve@mitrehttp://kolab.org/security/kolab-vendor-notice-13.txt
• cve@mitrehttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=422
• cve@mitrehttp://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
• cve@mitrehttp://secunia.com/advisories/22370
• cve@mitrehttp://secunia.com/advisories/22421
• cve@mitrehttp://secunia.com/advisories/22488
• cve@mitrehttp://secunia.com/advisories/22498
• cve@mitrehttp://secunia.com/advisories/22537
• cve@mitrehttp://secunia.com/advisories/22551
• cve@mitrehttp://secunia.com/advisories/22626
• cve@mitrehttp://secunia.com/advisories/23155
• cve@mitrehttp://security.gentoo.org/glsa/glsa-200610-10.xml
• cve@mitrehttp://securitytracker.com/id?1017068
• cve@mitrehttp://www.debian.org/security/2006/dsa-1196