CVE-2006-1614 — Anti-virus Clamav vulnerability

6 documents6 sources

Severity

5.1MEDIUMNVD

EPSS

28.2%

top 3.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Clam Anti-virus Clamav

Timeline

PublishedApr 6

Latest updateMay 1

Description

Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

▶Debianclamav/clamav< 0.88.1-1+3

▶NVDclam_anti-virus/clamav30 versions+29

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-3fxc-8qq3-cq6g: Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe↗2022-05-01

▶

OSV

CVE-2006-1614: Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe↗2006-04-06

▶

CVEList

CVE-2006-1614: Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe↗2006-04-06

▶

📋Vendor Advisories

Debian

CVE-2006-1614: clamav - Integer overflow in the cli_scanpe function in the PE header parser (libclamav/p...↗2006

▶

💬Community

Bugzilla

Security Vulnerability: CVE-2006-1614↗2006-04-13

▶