A remote overflow exists in Clam AntiVirus. The product fails to correctly verify the length of PE headers resulting in a heap overflow. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Upgrade to version 0.88.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1015887
• Bugtraq ID: 17388
• Secunia Advisory ID: 19534 19536 19564 19567 19570 19608 23719
• CVE ID: 2006-1614 (see also: NVD)
• Related OSVDB ID: 24458 24459
• ISS X-Force ID: 25660 25661 25662
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0176.html
• Vendor Specific Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html
  http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml
  http://www.trustix.org/errata/2006/0020/
• Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=407078
• Other Advisory URL: http://up2date.astaro.com/2006/05/low_up2date_6202.html
  http://www.us.debian.org/security/2006/dsa-1024
  http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:067
• Generic Informational URL: http://www.overflow.pl/adv/clamavupxinteger.txt

• Damian Put - pucikoverflow.pl -