Security fixes in 0.88.4

August 7th, 2006, posted by webmaster

CVE: CVE-2006-4018
Status: Critical
Vulnerable: ClamAV 0.81 – 0.88.3

A heap overflow vulnerability was discovered in libclamav which could cause a denial of service or allow the execution of arbitrary code.

The problem is specifically located in the PE file rebuild function used by the UPX unpacker.

Relevant code from libclamav/upx.c:

  /* foffset is used directly as the copy length; it is not checked
     against the size of the destination block dst */
  memcpy(dst, newbuf, foffset);
  *dsize = foffset;
  free(newbuf);
  cli_dbgmsg("UPX: PE structure rebuilt from compressed file\n");
  return 1;

Because the copy length (foffset) is not properly validated against the size of the allocated destination block, the memcpy() above can write past the end of that block, corrupting the heap.
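To show the defect class in isolation, here is an added example that is not code from libclamav and is not the ClamAV 0.88.4 patch. It models the rebuild step as a function that copies foffset bytes into a caller-supplied buffer, and places the unchecked pattern from the page beside a bounded version; the names rebuild_pe_unchecked, rebuild_pe_checked, dst_cap and newbuf_len are hypothetical, and the buffers and header-derived length are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pattern shown on the page (hypothetical wrapper, not libclamav code):
 * foffset is taken from the file and used as the copy length, so a value
 * larger than the allocation behind dst writes past the heap block. */
int rebuild_pe_unchecked(uint8_t *dst, uint32_t *dsize,
                         const uint8_t *newbuf, uint32_t foffset) {
    memcpy(dst, newbuf, foffset);
    *dsize = foffset;
    return 1;
}

/* Bounded form (an illustration, not the project's actual fix): the
 * file-derived length must fit both the destination capacity and the
 * source buffer before any bytes are copied. Returns 1 on success and
 * 0 when the length is rejected, so the caller can treat the file as
 * not rebuilt instead of trusting a corrupted result. */
int rebuild_pe_checked(uint8_t *dst, size_t dst_cap, uint32_t *dsize,
                       const uint8_t *newbuf, size_t newbuf_len,
                       uint32_t foffset) {
    if (foffset > dst_cap || foffset > newbuf_len) {
        return 0;
    }
    memcpy(dst, newbuf, foffset);
    *dsize = foffset;
    return 1;
}

/* Constructed case: the rebuilt image claims 64 bytes, but the
 * destination block is only 32 bytes. Returns 1 if the bounded
 * version refuses the copy and leaves *dsize untouched. */
int demo_rejects_oversized(void) {
    uint8_t newbuf[64];
    memset(newbuf, 0x41, sizeof newbuf);
    uint8_t *dst = calloc(32, 1);
    uint32_t dsize = 0;
    int rc = rebuild_pe_checked(dst, 32, &dsize, newbuf, sizeof newbuf, 64);
    int ok = (rc == 0 && dsize == 0);
    free(dst);
    return ok;
}

/* Constructed case: a 20-byte image into a 32-byte block is accepted,
 * *dsize reports the copied length and the bytes match the source. */
int demo_accepts_in_bounds(void) {
    uint8_t newbuf[64];
    for (size_t i = 0; i < sizeof newbuf; i++) newbuf[i] = (uint8_t)i;
    uint8_t *dst = calloc(32, 1);
    uint32_t dsize = 0;
    int rc = rebuild_pe_checked(dst, 32, &dsize, newbuf, sizeof newbuf, 20);
    int ok = (rc == 1 && dsize == 20 && memcmp(dst, newbuf, 20) == 0
              && dst[20] == 0);
    free(dst);
    return ok;
}

int main(void) {
    printf("oversized length rejected: %s\n",
           demo_rejects_oversized() ? "yes" : "no");
    printf("in-bounds length accepted: %s\n",
           demo_accepts_in_bounds() ? "yes" : "no");
    return 0;
}
```

The point of the bounded version is that every length derived from untrusted file data is compared with the real size of the allocation before it reaches memcpy(); rebuild_pe_unchecked is included only to make the contrast visible and is never called on an oversized length here.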

The problem has been fixed in 0.88.4.