CVE-2006-4018
clamav - buffer overflow
EPSS 44.6%
Description
Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.
How to fix CVE-2006-4018
To remediate CVE-2006-4018, upgrade the affected package to a fixed version below.
- Debian/clamav—upgrade to 0.88.4-1 or later
- Debian/clamav—upgrade to 0.84-2.sarge.10 or later
Is CVE-2006-4018 being exploited?
Moderate — EPSS is 44.6%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 0.88.4-1
- from 0, < 0.84-2.sarge.10