Launchpad.net

CVE 2007-6335

Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.

Related bugs and status

CVE-2007-6335 (Candidate) is related to these bugs:

Bug #177537: Remote Code Execution

		In	Importance	Status
177537	Remote Code Execution	clamav (Ubuntu)	Undecided	Fix Released
177537	Remote Code Execution	clamav (Ubuntu Dapper)	Undecided	Won't Fix
177537	Remote Code Execution	clamav (Ubuntu Edgy)	Undecided	Won't Fix
177537	Remote Code Execution	clamav (Ubuntu Hardy)	Undecided	Fix Released
177537	Remote Code Execution	clamav (Ubuntu Gutsy)	Undecided	Fix Released
177537	Remote Code Execution	clamav (Ubuntu Feisty)	Undecided	Fix Released
177537	Remote Code Execution	Feisty Backports	Undecided	Fix Released

Bug #180285: [clamav] remote vulnerabilities in versions before 0.92

Summary				In	Importance	Status
	180285	[clamav] remote vulnerabilities in versions before 0.92		clamav (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

References

IDEFENSE: 20071218 ClamAV libcla...
DEBIAN: DSA-1435
SECTRACK: 1019112
SECUNIA: 28117
SECUNIA: 28176
GENTOO: GLSA-200712-20
SECUNIA: 28278
MANDRIVA: MDVSA-2008:003
SECUNIA: 28153
SECUNIA: 28421
SUSE: SUSE-SR:2008:001
SECUNIA: 28412
FEDORA: FEDORA-2008-0115
FEDORA: FEDORA-2008-0170
SECUNIA: 28587
BID: 26927
CONFIRM: http://docs.info.apple...
APPLE: APPLE-SA-2008-03-18
SECUNIA: 29420
VUPEN: ADV-2007-4253
VUPEN: ADV-2008-0924
XF: clamantivirus-libclama...
EXPLOIT-DB: 4862