CVE-2010-3434:clamav: Buffer overflow in the find_stream

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-3434

clamav: Buffer overflow in the find_stream_bounds function ...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3434

Original

Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-09-30

Source Information Category:

Advisory, Alert

Last Updated:

2010-10-01

Affected Product Tags

cpe:/a:clamav:clamav:0.01

cpe:/a:clamav:clamav:0.02

cpe:/a:clamav:clamav:0.03

cpe:/a:clamav:clamav:0.05

cpe:/a:clamav:clamav:0.10

cpe:/a:clamav:clamav:0.12

cpe:/a:clamav:clamav:0.13

cpe:/a:clamav:clamav:0.14

cpe:/a:clamav:clamav:0.15

cpe:/a:clamav:clamav:0.20

cpe:/a:clamav:clamav:0.21

cpe:/a:clamav:clamav:0.22

cpe:/a:clamav:clamav:0.23

cpe:/a:clamav:clamav:0.24

cpe:/a:clamav:clamav:0.3

cpe:/a:clamav:clamav:0.51

cpe:/a:clamav:clamav:0.52

cpe:/a:clamav:clamav:0.53

cpe:/a:clamav:clamav:0.54

cpe:/a:clamav:clamav:0.60

cpe:/a:clamav:clamav:0.60p

cpe:/a:clamav:clamav:0.65

cpe:/a:clamav:clamav:0.66

cpe:/a:clamav:clamav:0.67

cpe:/a:clamav:clamav:0.67-1

cpe:/a:clamav:clamav:0.68

cpe:/a:clamav:clamav:0.68.1

cpe:/a:clamav:clamav:0.70

cpe:/a:clamav:clamav:0.71

cpe:/a:clamav:clamav:0.72

cpe:/a:clamav:clamav:0.73

cpe:/a:clamav:clamav:0.74

cpe:/a:clamav:clamav:0.75

cpe:/a:clamav:clamav:0.75.1

cpe:/a:clamav:clamav:0.80

cpe:/a:clamav:clamav:0.80:rc2

cpe:/a:clamav:clamav:0.80:rc3

cpe:/a:clamav:clamav:0.80:rc4

cpe:/a:clamav:clamav:0.81

cpe:/a:clamav:clamav:0.82

cpe:/a:clamav:clamav:0.83

cpe:/a:clamav:clamav:0.84

cpe:/a:clamav:clamav:0.84:rc1

cpe:/a:clamav:clamav:0.84:rc2

cpe:/a:clamav:clamav:0.85

cpe:/a:clamav:clamav:0.85.1

cpe:/a:clamav:clamav:0.86

cpe:/a:clamav:clamav:0.86.1

cpe:/a:clamav:clamav:0.86.2

cpe:/a:clamav:clamav:0.86:rc1

cpe:/a:clamav:clamav:0.87

cpe:/a:clamav:clamav:0.87.1

cpe:/a:clamav:clamav:0.88

cpe:/a:clamav:clamav:0.88.1

cpe:/a:clamav:clamav:0.88.2

cpe:/a:clamav:clamav:0.88.3

cpe:/a:clamav:clamav:0.88.4

cpe:/a:clamav:clamav:0.88.5

cpe:/a:clamav:clamav:0.88.6

cpe:/a:clamav:clamav:0.88.7

cpe:/a:clamav:clamav:0.90

cpe:/a:clamav:clamav:0.90.1

cpe:/a:clamav:clamav:0.90.2

cpe:/a:clamav:clamav:0.90.3

cpe:/a:clamav:clamav:0.90.3_p0

cpe:/a:clamav:clamav:0.90.3_p1

cpe:/a:clamav:clamav:0.90:rc1

cpe:/a:clamav:clamav:0.90:rc1.1

cpe:/a:clamav:clamav:0.90:rc2

cpe:/a:clamav:clamav:0.90:rc3

cpe:/a:clamav:clamav:0.91

cpe:/a:clamav:clamav:0.91.1

cpe:/a:clamav:clamav:0.91.2

cpe:/a:clamav:clamav:0.91.2_p0

cpe:/a:clamav:clamav:0.91:rc1

cpe:/a:clamav:clamav:0.91:rc2

cpe:/a:clamav:clamav:0.92

cpe:/a:clamav:clamav:0.92.1

cpe:/a:clamav:clamav:0.92_p0

cpe:/a:clamav:clamav:0.93

cpe:/a:clamav:clamav:0.93.1

cpe:/a:clamav:clamav:0.93.2

cpe:/a:clamav:clamav:0.93.3

cpe:/a:clamav:clamav:0.94

cpe:/a:clamav:clamav:0.94.1

cpe:/a:clamav:clamav:0.94.2

cpe:/a:clamav:clamav:0.95

cpe:/a:clamav:clamav:0.95.1

cpe:/a:clamav:clamav:0.95.2

cpe:/a:clamav:clamav:0.95.3

cpe:/a:clamav:clamav:0.95:rc1

cpe:/a:clamav:clamav:0.95:rc2

cpe:/a:clamav:clamav:0.95:src1

cpe:/a:clamav:clamav:0.95:src2

cpe:/a:clamav:clamav:0.96

cpe:/a:clamav:clamav:0.96.1

cpe:/a:clamav:clamav:0.96.2 and previous versions

cpe:/a:clamav:clamav:0.96:rc1

cpe:/a:clamav:clamav:0.96:rc2

cpe:/a:clamav:clamav:0.9:rc1

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2226

CONFIRM http://security-tracker.debian.org/tracker/CVE-2010-3434

CONFIRM http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=dc5143b4669ae39c79c9af50d569c28c798f33da

CONFIRM http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3

MLIST [oss-security] 20100928 Re: CVE request: clamav < 0.96.3 pdf bounds checking

MLIST [oss-security] 20100927 Re: CVE request: clamav < 0.96.3 pdf bounds checking

MLIST [oss-security] 20100922 CVE request: clamav < 0.96.3 pdf bounds checking

VUPEN ADV-2010-2455

Vulnerability Type Buffer Errors (CWE-119)