Vulnerability Description
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Clam Anti-Virus | Clamav | . |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041325.html
- http://secunia.com/advisories/18379PatchVendor Advisory
- http://secunia.com/advisories/18453
- http://secunia.com/advisories/18463
- http://secunia.com/advisories/18478
- http://secunia.com/advisories/18548
- http://securityreason.com/securityalert/342
- http://securitytracker.com/id?1015457
- http://www.clamav.net/doc/0.88/ChangeLog
- http://www.debian.org/security/2006/dsa-947
- http://www.gentoo.org/security/en/glsa/glsa-200601-07.xml
- http://www.kb.cert.org/vuls/id/385908US Government Resource
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:016
- http://www.osvdb.org/22318
- http://www.securityfocus.com/bid/16191Patch
FAQ
What is CVE-2006-0162?
CVE-2006-0162 is a vulnerability with a CVSS score of 7.5 (HIGH). Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX fi...
How severe is CVE-2006-0162?
CVE-2006-0162 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0162?
Check the references section above for vendor advisories and patch information. Affected products include: Clam Anti-Virus Clamav.