CVE-2006-5647

Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka "CHM name length memory consumption vulnerability."

Published: Nov 1, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-5647
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
sophos / anti-virus	4.04	4.04.x
sophos / anti-virus	5.2	5.2.x
sophos / anti-virus	5.0.2	5.0.2.x
sophos / anti-virus	4.5.12	4.5.12.x
sophos / endpoint_security	-	6.04.x
sophos / anti-virus	4.5.11	4.5.11.x
sophos / anti-virus	4.7.1	4.7.1.x
sophos / anti-virus	4.7.2	4.7.2.x
sophos / anti-virus	5.0.4	5.0.4.x
sophos / anti-virus	5.2.1	5.2.1.x
sophos / anti-virus	4.05	4.05.x
sophos / anti-virus	4.5.3	4.5.3.x
sophos / anti-virus	4.5.4	4.5.4.x
sophos / anti-virus	6.0.4	6.0.4.x
sophos / anti-virus	5.1	5.1.x
sophos / anti-virus	5.0.1	5.0.1.x

Vulnerability Database

289,599

CVE-2006-5647