PT-2006-6947 · Sophos · Sophos Anti-Virus

Published: 2006-12-12 · Updated: 2018-10-17 · CVE-2006-6335

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Sophos Anti-Virus versions prior to 2.40

Description

The issue is related to multiple buffer overflows in the scanning engine. These overflows can be triggered by a SIT archive with a long filename that is not null-terminated, causing a heap-based overflow in veex.dll due to improper length calculation, or by a CPIO archive with a similar long filename, resulting in a stack-based overflow in veex.dll.

Recommendations

For versions prior to 2.40, update to version 2.40 or later to resolve the issue. As a temporary workaround, consider restricting the scanning of archives with long filenames to minimize the risk of exploitation.
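The filename condition in the description can be checked before an archive reaches a scanner. The following is an added example, not Sophos code and not part of the original advisory: a bounds-checked filename validation for a CPIO entry. It assumes the "newc" ASCII CPIO layout (the advisory does not say which CPIO variant is involved); the 255-byte limit and the function names are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CPIO_HDR_LEN 110      /* "070701" magic + 13 fields of 8 hex digits */
#define CPIO_NAMESIZE_OFF 94  /* c_namesize is the 12th field: 6 + 11 * 8 */
#define MAX_NAME 255          /* assumed policy limit, not from the advisory */

enum name_check { NAME_OK, BAD_HEADER, NAME_TOO_LONG, NAME_TRUNCATED, NAME_UNTERMINATED };

/* Validate the first entry's filename without reading past buf + len. */
enum name_check check_cpio_name(const unsigned char *buf, size_t len)
{
    char field[9] = {0};
    unsigned long namesize;

    if (len < CPIO_HDR_LEN || memcmp(buf, "070701", 6) != 0)
        return BAD_HEADER;
    for (int i = 0; i < 8; i++) {
        if (!isxdigit(buf[CPIO_NAMESIZE_OFF + i]))
            return BAD_HEADER;
        field[i] = (char)buf[CPIO_NAMESIZE_OFF + i];
    }
    namesize = strtoul(field, NULL, 16);   /* length includes the NUL */
    if (namesize == 0)
        return BAD_HEADER;
    if (namesize > MAX_NAME)
        return NAME_TOO_LONG;
    if (namesize > len - CPIO_HDR_LEN)     /* declared name runs past the data */
        return NAME_TRUNCATED;
    if (buf[CPIO_HDR_LEN + namesize - 1] != '\0')
        return NAME_UNTERMINATED;          /* never strlen() this field */
    return NAME_OK;
}

/* Constructed sample: header declaring `namesize`, followed by name_bytes of name. */
size_t build_entry(unsigned char *out, const char *name, size_t name_bytes,
                   unsigned long namesize)
{
    char field[9];
    memset(out, '0', CPIO_HDR_LEN);
    memcpy(out, "070701", 6);
    snprintf(field, sizeof field, "%08lX", namesize);
    memcpy(out + CPIO_NAMESIZE_OFF, field, 8);
    memcpy(out + CPIO_HDR_LEN, name, name_bytes);
    return CPIO_HDR_LEN + name_bytes;
}
```

An entry that fails any of these checks can be rejected or quarantined instead of being handed to an unpatched engine.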


Related identifiers

CVE-2006-6335

Affected products

Sophos Anti-Virus