VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 10, 2006· Updated Apr 23, 2026

CVE-2006-5874

CVE-2006-5874

Description

Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ClamAV 0.88 and earlier crashes when processing a malformed base64-encoded MIME attachment due to a null pointer dereference.

Vulnerability

Clam AntiVirus (ClamAV) versions 0.88 and earlier contain a null pointer dereference vulnerability in the handling of base64-encoded MIME attachments. A remote attacker can trigger this flaw by sending a specially crafted email with a malformed base64 attachment, causing the ClamAV scanning engine to crash [1][2].

Exploitation

An attacker needs only to send an email containing a malformed base64-encoded MIME attachment to a system running ClamAV. No authentication or special network position is required; the email is automatically processed by ClamAV's scanning engine, leading to a null pointer dereference and subsequent crash [1].

Impact

Successful exploitation results in a denial of service (crash) of the ClamAV daemon, potentially disrupting email scanning services. The null pointer dereference may also affect system stability if ClamAV is running in a critical path [2].

Mitigation

ClamAV 0.88.1 or later contains the fix for this vulnerability. Users should upgrade to a patched version. No workarounds are documented in the available references. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog [1][2].

References
  1. About Secunia Research | Flexera
  2. Security - Support

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

23
  • ClamAV/Clamav22 versions
    cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*+ 21 more
    • cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*range: <=0.88
    • cpe:2.3:a:clam_anti-virus:clamav:.:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*
    • cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*
  • osv-coords
    pkg:rpm/opensuse/clamav&distro=openSUSE%20Tumbleweed
    Range: < 0.103.3-1.4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.