ID CVE-2006-5295
Summary Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."
References
Vulnerable Configurations
  • cpe:2.3:a:clam_anti-virus:clamav:.
    cpe:2.3:a:clam_anti-virus:clamav:.
  • cpe:2.3:a:clam_anti-virus:clamav:0.15
    cpe:2.3:a:clam_anti-virus:clamav:0.15
  • cpe:2.3:a:clam_anti-virus:clamav:0.20
    cpe:2.3:a:clam_anti-virus:clamav:0.20
  • cpe:2.3:a:clam_anti-virus:clamav:0.21
    cpe:2.3:a:clam_anti-virus:clamav:0.21
  • cpe:2.3:a:clam_anti-virus:clamav:0.22
    cpe:2.3:a:clam_anti-virus:clamav:0.22
  • cpe:2.3:a:clam_anti-virus:clamav:0.23
    cpe:2.3:a:clam_anti-virus:clamav:0.23
  • cpe:2.3:a:clam_anti-virus:clamav:0.24
    cpe:2.3:a:clam_anti-virus:clamav:0.24
  • cpe:2.3:a:clam_anti-virus:clamav:0.51
    cpe:2.3:a:clam_anti-virus:clamav:0.51
  • cpe:2.3:a:clam_anti-virus:clamav:0.52
    cpe:2.3:a:clam_anti-virus:clamav:0.52
  • cpe:2.3:a:clam_anti-virus:clamav:0.53
    cpe:2.3:a:clam_anti-virus:clamav:0.53
  • cpe:2.3:a:clam_anti-virus:clamav:0.54
    cpe:2.3:a:clam_anti-virus:clamav:0.54
  • cpe:2.3:a:clam_anti-virus:clamav:0.60
    cpe:2.3:a:clam_anti-virus:clamav:0.60
  • cpe:2.3:a:clam_anti-virus:clamav:0.60p
    cpe:2.3:a:clam_anti-virus:clamav:0.60p
  • cpe:2.3:a:clam_anti-virus:clamav:0.65
    cpe:2.3:a:clam_anti-virus:clamav:0.65
  • cpe:2.3:a:clam_anti-virus:clamav:0.67
    cpe:2.3:a:clam_anti-virus:clamav:0.67
  • cpe:2.3:a:clam_anti-virus:clamav:0.68
    cpe:2.3:a:clam_anti-virus:clamav:0.68
  • cpe:2.3:a:clam_anti-virus:clamav:0.68.1
    cpe:2.3:a:clam_anti-virus:clamav:0.68.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.70
    cpe:2.3:a:clam_anti-virus:clamav:0.70
  • cpe:2.3:a:clam_anti-virus:clamav:0.71
    cpe:2.3:a:clam_anti-virus:clamav:0.71
  • cpe:2.3:a:clam_anti-virus:clamav:0.72
    cpe:2.3:a:clam_anti-virus:clamav:0.72
  • cpe:2.3:a:clam_anti-virus:clamav:0.73
    cpe:2.3:a:clam_anti-virus:clamav:0.73
  • cpe:2.3:a:clam_anti-virus:clamav:0.74
    cpe:2.3:a:clam_anti-virus:clamav:0.74
  • cpe:2.3:a:clam_anti-virus:clamav:0.75
    cpe:2.3:a:clam_anti-virus:clamav:0.75
  • cpe:2.3:a:clam_anti-virus:clamav:0.75.1
    cpe:2.3:a:clam_anti-virus:clamav:0.75.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.80
    cpe:2.3:a:clam_anti-virus:clamav:0.80
  • cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1
    cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1
  • cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2
    cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2
  • cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3
    cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3
  • cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4
    cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4
  • cpe:2.3:a:clam_anti-virus:clamav:0.81
    cpe:2.3:a:clam_anti-virus:clamav:0.81
  • cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1
    cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1
  • cpe:2.3:a:clam_anti-virus:clamav:0.82
    cpe:2.3:a:clam_anti-virus:clamav:0.82
  • cpe:2.3:a:clam_anti-virus:clamav:0.83
    cpe:2.3:a:clam_anti-virus:clamav:0.83
  • cpe:2.3:a:clam_anti-virus:clamav:0.84
    cpe:2.3:a:clam_anti-virus:clamav:0.84
  • cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1
    cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1
  • cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2
    cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2
  • cpe:2.3:a:clam_anti-virus:clamav:0.85
    cpe:2.3:a:clam_anti-virus:clamav:0.85
  • cpe:2.3:a:clam_anti-virus:clamav:0.85.1
    cpe:2.3:a:clam_anti-virus:clamav:0.85.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.86
    cpe:2.3:a:clam_anti-virus:clamav:0.86
  • cpe:2.3:a:clam_anti-virus:clamav:0.86.1
    cpe:2.3:a:clam_anti-virus:clamav:0.86.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.86.2
    cpe:2.3:a:clam_anti-virus:clamav:0.86.2
  • cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1
    cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1
  • cpe:2.3:a:clam_anti-virus:clamav:0.87
    cpe:2.3:a:clam_anti-virus:clamav:0.87
  • cpe:2.3:a:clam_anti-virus:clamav:0.87.1
    cpe:2.3:a:clam_anti-virus:clamav:0.87.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.88
    cpe:2.3:a:clam_anti-virus:clamav:0.88
  • cpe:2.3:a:clam_anti-virus:clamav:0.88.1
    cpe:2.3:a:clam_anti-virus:clamav:0.88.1
  • cpe:2.3:a:clam_anti-virus:clamav:0.88.3
    cpe:2.3:a:clam_anti-virus:clamav:0.88.3
  • cpe:2.3:a:clam_anti-virus:clamav:0.88.4
    cpe:2.3:a:clam_anti-virus:clamav:0.88.4
CVSS
Base: 5.0 (as of 17-10-2006 - 09:25)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
description Clam AntiVirus <= 0.88.4 CHM Chunk Name Length DoS PoC. CVE-2006-5295. Dos exploits for multiple platform
id EDB-ID:2586
last seen 2016-01-31
modified 2006-10-17
published 2006-10-17
reporter Damian Put
source https://www.exploit-db.com/download/2586/
title Clam AntiVirus <= 0.88.4 CHM Chunk Name Length DoS PoC
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CLAMAV-2180.NASL
    description Two security problems have been found and fixed in the antivirus scan engine 'clamav', which could be used by remote attackers sending prepared E-Mails containing special crafted infected files to potentially execute code. CVE-2006-4182: A problem in dealing with PE (Portable Executables aka Windows .EXE) files could result in an integer overflow, causing a heap overflow, which could be used by attackers to potentially execute code. CVE-2006-5295: A problem in dealing with CHM (compressed helpfile) exists that could cause an invalid memory read, causing the clamav engine to crash.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27175
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27175
    title openSUSE 10 Security Update : clamav (clamav-2180)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-184.NASL
    description An integer overflow in previous versions of ClamAV could allow a remote attacker to cause a Denial of Service (scanning service crash) and execute arbitrary code via a Portable Executable (PE) file (CVE-2006-4182). Another vulnerability could allow a remote attacker to cause a DoS via a crafted compressed HTML (CHM) file that causes ClamAV to read an invalid memory location (CVE-2006-5295). These issues are corrected in ClamAV 0.88.5 which is provided with this update.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24569
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24569
    title Mandrake Linux Security Advisory : clamav (MDKSA-2006:184)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1196.NASL
    description Several remote vulnerabilities have been discovered in the ClamAV malware scan engine, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4182 Damian Put discovered a heap overflow error in the script to rebuild PE files, which could lead to the execution of arbitrary code. - CVE-2006-5295 Damian Put discovered that missing input sanitising in the CHM handling code might lead to denial of service.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22905
    published 2006-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22905
    title Debian DSA-1196-1 : clamav - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CLAMAV-2179.NASL
    description Two security problems have been found in the antivirus scan engine 'clamav', which could be used by remote attackers sending prepared E-Mails containing special crafted infected files to potentially execute code. - A problem in dealing with PE (Portable Executables aka Windows .EXE) files could result in an integer overflow, causing a heap overflow, which could be used by attackers to potentially execute code. (CVE-2006-4182) - A problem in dealing with CHM (compressed helpfile) exists that could cause an invalid memory read, causing the clamav engine to crash. (CVE-2006-5295)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29395
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29395
    title SuSE 10 Security Update : clamav (ZYPP Patch Number 2179)
refmap via4
bid 20537
confirm http://kolab.org/security/kolab-vendor-notice-13.txt
debian DSA-1196
gentoo GLSA-200610-10
idefense 20061016 Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability
mandriva MDKSA-2006:184
sectrack 1017068
secunia
  • 22370
  • 22421
  • 22488
  • 22498
  • 22537
  • 22551
  • 22626
suse SUSE-SA:2006:060
vupen
  • ADV-2006-4034
  • ADV-2006-4136
  • ADV-2006-4264
xf clamav-chm-dos(29608)
Last major update 07-03-2011 - 21:42
Published 16-10-2006 - 19:07
Last modified 19-07-2017 - 21:33
Back to Top