FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

clamav -- possible heap overflow in the UPX code

Affected packages
clamav < 0.88
clamav-devel < 20060110


VuXML ID 612a34ec-81dc-11da-a043-0002a5c3d308
Discovery 2006-01-09
Entry 2006-01-10
Modified 2006-01-15

The Zero Day Initiative reports:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable Clam AntiVirus installations. Authentication is not required to exploit this vulnerability.

This specific flaw exists within libclamav/upx.c during the unpacking of executable files compressed with UPX. Due to an invalid size calculation during a data copy from the user-controlled file to heap-allocated memory, an exploitable memory corruption condition is created.


Bugtraq ID 16191
CVE Name CVE-2006-0162