CVE-2006-1615 — Use of Externally-Controlled Format String in Clamav

CWE-134 — Use of Externally-Controlled Format String6 documents6 sources

Severity

10.0CRITICALNVD

EPSS

36.8%

top 2.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Debian Clamav

Timeline

PublishedApr 6

Latest updateMay 1

Description

Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/clamav< clamav 0.88.1-1 (bookworm)

▶Debianclamav/clamav< 0.88.1-1+3

▶NVDclamav/clamav0.88+47

Patches

Patch: lists.suse.com ↗Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-x32g-rfqc-j2m7: Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0↗2022-05-01

▶

OSV

CVE-2006-1615: Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0↗2006-04-06

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Office Products - Array Index Bounds Error (PoC)↗2006-03-27

▶

📋Vendor Advisories

Debian

CVE-2006-1615: clamav - Multiple format string vulnerabilities in the logging code in Clam AntiVirus (Cl...↗2006

▶

💬Community

Bugzilla

Security Vulnerability: CVE-2006-1615↗2006-04-13

▶