CVE-2010-1311

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.

References

http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96

http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html

http://secunia.com/advisories/39293

http://secunia.com/advisories/39329

http://secunia.com/advisories/39656

http://support.apple.com/kb/HT4312

http://www.mandriva.com/security/advisories?name=MDVSA-2010:082

http://www.securityfocus.com/bid/39262

http://www.ubuntu.com/usn/USN-926-1

http://www.vupen.com/english/advisories/2010/0827

http://www.vupen.com/english/advisories/2010/0832

http://www.vupen.com/english/advisories/2010/0909

http://www.vupen.com/english/advisories/2010/1001

http://www.vupen.com/english/advisories/2010/1206

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771

Details

Source: MITRE

Published: 2010-04-08

Updated: 2010-08-31

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:clamav:clamav:0.01:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.02:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.03:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.05:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.9:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.10:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.12:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.13:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.14:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.14:pre:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.15:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.20:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.21:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.22:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.23:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.24:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.51:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.52:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.53:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.54:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.60:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.60p:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.65:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.66:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.67:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.67-1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.68:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.68.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.70:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.70:rc:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.71:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.72:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.73:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.74:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.75:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.75.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:rc:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:rc3:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:rc4:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.86:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.87:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.87.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.3:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.4:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.5:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.6:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.7:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90:rc1.1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90:rc3:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90.3:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.91:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.91:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.91:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.91.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.91.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.92:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.92.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.93:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.93.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.93.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.93.3:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.94:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.94.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.94.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95.3:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.96:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:*:rc2:*:*:*:*:*:* versions up to 0.96 (inclusive)

cpe:2.3:a:clamavs:clamav:0.04:*:*:*:*:*:*:*

cpe:2.3:a:clamavs:clamav:0.06:*:*:*:*:*:*:*

Tenable Plugins

View all (10 total)

IDNameProductFamilySeverity
50896SuSE 11 Security Update : clamav (SAT Patch Number 2298)NessusSuSE Local Security Checks
critical
49837SuSE 10 Security Update : clamav (ZYPP Patch Number 6990)NessusSuSE Local Security Checks
critical
49127GLSA-201009-06 : Clam AntiVirus: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
48424Mac OS X Multiple Vulnerabilities (Security Update 2010-005)NessusMacOS X Local Security Checks
high
46169SuSE9 Security Update : clamav (YOU Patch Number 12610)NessusSuSE Local Security Checks
critical
45622SuSE 10 Security Update : ClamAV (ZYPP Patch Number 6983)NessusSuSE Local Security Checks
critical
45567Mandriva Linux Security Advisory : clamav (MDVSA-2010:082-1)NessusMandriva Local Security Checks
critical
45476Ubuntu 8.10 / 9.04 / 9.10 : clamav vulnerabilities (USN-926-1)NessusUbuntu Local Security Checks
critical
5505ClamAV < 0.96 Multiple Vulnerabilities (deprecated)Nessus Network MonitorWeb Clients
high
45437ClamAV < 0.96 Multiple VulnerabilitiesNessusMisc.
medium