{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<P><SPAN class=\"textit\">ClamAV</SPAN> versions 0.81 \u00e0 0.88.3.</P>","content":"## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire a \u00e9t\u00e9 d\u00e9couverte dans\nla fonction pefromupx du fichier libclamav/upx.c. Un utilisateur mal\nintentionn\u00e9 peut, \u00e0 l'aide d'un fichier malveillant compress\u00e9 avec UPX,\nex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nMettre \u00e0 jour ClamAV en version 0.88.4 (voir Documentation).\n","cves":[],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Debian DSA-1153 :","url":"http://www.debian.org/security/2006/dsa-1153"},{"title":"Version 0.88.4 de ClamAV :","url":"http://www.clamav.net/stable.php#pagestart"}],"reference":"CERTA-2006-AVI-336","revisions":[{"description":"version initiale.","revision_date":"2006-08-08T00:00:00.000000"},{"description":"ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Debian.","revision_date":"2006-08-21T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":null,"title":"Vuln\u00e9rabilit\u00e9 dans ClamAV","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 ClamAV 0.88.4 du 07 ao\u00fbt 2006","url":"http://www.clamav.net/security/0.88.4.html"}]}