CVE-2010-3434

high

Description

Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information.

References

http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3

http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=dc5143b4669ae39c79c9af50d569c28c798f33da

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html

http://security-tracker.debian.org/tracker/CVE-2010-3434

http://support.apple.com/kb/HT4581

http://www.openwall.com/lists/oss-security/2010/09/22/1

http://www.openwall.com/lists/oss-security/2010/09/27/6

http://www.openwall.com/lists/oss-security/2010/09/28/3

http://www.openwall.com/lists/oss-security/2010/09/28/5

http://www.vupen.com/english/advisories/2010/2455

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2226

Details

Source: MITRE

Published: 2010-09-30

Updated: 2011-03-24

Type: CWE-119

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:clamav:clamav:0.01:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.02:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.3:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.05:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.9:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.10:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.12:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.13:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.14:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.15:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.20:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.21:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.22:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.23:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.24:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.51:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.52:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.53:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.54:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.60:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.60p:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.65:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.66:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.67:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.67-1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.68:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.68.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.70:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.71:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.72:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.73:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.74:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.75:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.75.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:rc3:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:rc4:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.86:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.87:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.87.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.3:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.4:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.5:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.6:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.7:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90:rc1.1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90:rc3:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90.3:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90.3_p0:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90.3_p1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.91:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.91:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.91:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.91.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.91.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.91.2_p0:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.92:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.92.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.92_p0:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.93:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.93.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.93.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.93.3:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.94:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.94.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.94.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95:src1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95:src2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95.3:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.96:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.96:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.96:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.96.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:* versions up to 0.96.2 (inclusive)

Tenable Plugins

View all (13 total)

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 75448 | openSUSE Security Update : clamav (openSUSE-SU-2010:0921-1) | Nessus | SuSE Local Security Checks | high |
| 56595 | GLSA-201110-20 : Clam AntiVirus: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 52754 | Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
| 52753 | Mac OS X Multiple Vulnerabilities (Security Update 2011-001) | Nessus | MacOS X Local Security Checks | high |
| 800796 | Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |
| 5826 | Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 50898 | SuSE 11 / 11.1 Security Update : clamav (SAT Patch Numbers 3440 / 3441) | Nessus | SuSE Local Security Checks | high |
| 50856 | SuSE 10 Security Update : clamav (ZYPP Patch Number 7209) | Nessus | SuSE Local Security Checks | high |
| 50855 | SuSE9 Security Update : clamav (YOU Patch Number 12662) | Nessus | SuSE Local Security Checks | high |
| 50416 | openSUSE Security Update : clamav (openSUSE-SU-2010:0921-1) | Nessus | SuSE Local Security Checks | high |
| 50415 | openSUSE Security Update : clamav (openSUSE-SU-2010:0921-1) | Nessus | SuSE Local Security Checks | high |
| 49712 | ClamAV < 0.96.3 Multiple Vulnerabilities | Nessus | Misc. | medium |
| 5672 | ClamAV < 0.96.3 DoS | Nessus Network Monitor | Web Clients | medium |