Unrated severity · NVD Advisory · Published Aug 8, 2006 · Updated Apr 16, 2026
CVE-2006-4018
Description
Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.
Affected products
- cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.81:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.86:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.87:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.87.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.3:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- www.clamav.net/security/0.88.4.html · nvd · Exploit · Patch · Vendor Advisory
- www.overflow.pl/adv/clamav_upx_heap.txt · nvd · Exploit · Patch · Vendor Advisory
- secunia.com/advisories/21368 · nvd · Vendor Advisory
- secunia.com/advisories/21374 · nvd · Vendor Advisory
- secunia.com/advisories/21433 · nvd · Vendor Advisory
- secunia.com/advisories/21443 · nvd · Vendor Advisory
- secunia.com/advisories/21457 · nvd · Vendor Advisory
- secunia.com/advisories/21497 · nvd · Vendor Advisory
- secunia.com/advisories/21562 · nvd · Vendor Advisory
- www.vupen.com/english/advisories/2006/3175 · nvd · Vendor Advisory
- www.vupen.com/english/advisories/2006/3275 · nvd · Vendor Advisory
- kolab.org/security/kolab-vendor-notice-10.txt · nvd
- security.gentoo.org/glsa/glsa-200608-13.xml · nvd
- securitytracker.com/id · nvd
- www.debian.org/security/2006/dsa-1153 · nvd
- www.mandriva.com/security/advisories · nvd
- www.novell.com/linux/security/advisories/2006_46_clamav.html · nvd
- www.securityfocus.com/archive/1/442681/100/0/threaded · nvd
- www.securityfocus.com/bid/19381 · nvd
- www.trustix.org/errata/2006/0046/ · nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/28286 · nvd