CVE-2006-5295

Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."

Score5.0
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactPARTIAL
Published2006-10-16 07:07:00.000-04
Last Modified2017-07-19 09:33:40.000-04

Vulnerable Software List

VendorProductVersions
Clam Anti-virus Clamav ., 0.15, 0.20, 0.21, 0.22, 0.23, 0.24, 0.51, 0.52, 0.53, 0.54, 0.60, 0.60p, 0.65, 0.67, 0.68, 0.68.1, 0.70, 0.71, 0.72

References

SourceLink
CONFIRMhttp://kolab.org/security/kolab-vendor-notice-13.txt
IDEFENSE20061016 Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability
GENTOOGLSA-200610-10
SECTRACK1017068
DEBIANDSA-1196
MANDRIVAMDKSA-2006:184
SUSESUSE-SA:2006:060
BID20537
VUPENADV-2006-4034
VUPENADV-2006-4136
VUPENADV-2006-4264
XFclamav-chm-dos(29608)