CVE-2006-4018

ClamAV 0.81-0.88.3 - Remote Code Execution via UPX Packed File with Large rsize Values

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4018. PoCs published by Damian Put.

AI-analyzed exploit summary The provided text describes a heap buffer-overflow vulnerability in ClamAV versions 0.88.2 and 0.88.3 when handling compressed UPX files. It lacks actual exploit code but references a binary exploit available elsewhere.

Description

Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Damian Put · textdoslinux

https://www.exploit-db.com/exploits/28348

View Code ZIP pw:eip

The provided text describes a heap buffer-overflow vulnerability in ClamAV versions 0.88.2 and 0.88.3 when handling compressed UPX files. It lacks actual exploit code but references a binary exploit available elsewhere.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: ClamAV 0.88.2, 0.88.3

No auth needed

Prerequisites: A malformed UPX file to trigger the vulnerability

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (21)

Core 21

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21368

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/3175

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/442681/100/0/threaded

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21562

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2006_46_clamav.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21433

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200608-13.xml

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21497

Various Sources x_refsource_confirm

http://kolab.org/security/kolab-vendor-notice-10.txt

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2006/dsa-1153

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21443

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2006:138

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/19381

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1016645

Exploit, Patch, Vendor Advisory x_refsource_misc

http://www.overflow.pl/adv/clamav_upx_heap.txt

Exploit, Patch, Vendor Advisory x_refsource_confirm

http://www.clamav.net/security/0.88.4.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/28286

Vendor Advisory vendor-advisory x_refsource_trustix

http://www.trustix.org/errata/2006/0046/

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21457

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21374

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/3275

Scores

EPSS 0.1800

EPSS Percentile 96.8%

Details

CWE

CWE-119

Status published

Products (15)

clamav/clamav 0.81 (2 CPE variants)

clamav/clamav 0.82

clamav/clamav 0.83

clamav/clamav 0.84 (3 CPE variants)

clamav/clamav 0.85

clamav/clamav 0.85.1

clamav/clamav 0.86 (2 CPE variants)

clamav/clamav 0.86.1

clamav/clamav 0.86.2

clamav/clamav 0.87

... and 5 more

Published Aug 08, 2006

Tracked Since Feb 18, 2026