CVE-2010-4261

high

Description

Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.

References

http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=master

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051905.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052401.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

http://openwall.com/lists/oss-security/2010/12/03/1

http://openwall.com/lists/oss-security/2010/12/03/3

http://openwall.com/lists/oss-security/2010/12/03/6

http://secunia.com/advisories/42426

http://secunia.com/advisories/42523

http://secunia.com/advisories/42555

http://secunia.com/advisories/42720

http://support.apple.com/kb/HT4581

http://www.mandriva.com/security/advisories?name=MDVSA-2010:249

http://www.securityfocus.com/bid/45152

http://www.securitytracker.com/id?1024818

http://www.ubuntu.com/usn/USN-1031-1

http://www.vupen.com/english/advisories/2010/3135

http://www.vupen.com/english/advisories/2010/3137

http://www.vupen.com/english/advisories/2010/3185

http://xorl.wordpress.com/2010/12/05/cve-2010-4261-clamav-icon_cb-off-by-one/

https://bugzilla.redhat.com/show_bug.cgi?id=659861

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2344

Details

Source: MITRE

Published: 2010-12-07

Updated: 2011-03-24

Type: CWE-189

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:clamav:clamav:0.01:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.02:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.3:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.05:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.8:rc3:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.9:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.10:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.12:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.13:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.14:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.14:pre:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.15:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.20:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.21:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.22:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.23:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.24:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.51:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.52:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.53:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.54:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.60:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.60p:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.65:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.66:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.67:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.67-1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.68:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.68.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.70:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.70:rc:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.71:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.72:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.73:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.74:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.75:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.75.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:rc:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:rc3:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80:rc4:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.80_rc:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.81:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.86:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.87:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.87.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.3:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.4:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.5:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.6:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.7:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.7_p0:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.88.7_p1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90:rc1.1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90:rc3:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90.1_p0:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90.2_p0:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90.3:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90.3_p0:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.90.3_p1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.91:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.91:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.91:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.91.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.91.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.91.2_p0:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.92:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.92.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.92_p0:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.93:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.93.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.93.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.93.3:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.94:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.94.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.94.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95:src1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95:src2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.95.3:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.96:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.96:rc1:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.96:rc2:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.96.1:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.96.2:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:0.96.3:*:*:*:*:*:*:*

cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:* versions up to 0.96.4 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 75449 | openSUSE Security Update : clamav (openSUSE-SU-2010:1041-1) | Nessus | SuSE Local Security Checks | high |
| 56595 | GLSA-201110-20 : Clam AntiVirus: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 53701 | openSUSE Security Update : clamav (openSUSE-SU-2010:1041-1) | Nessus | SuSE Local Security Checks | high |
| 53653 | openSUSE Security Update : clamav (openSUSE-SU-2010:1041-1) | Nessus | SuSE Local Security Checks | high |
| 52754 | Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
| 52753 | Mac OS X Multiple Vulnerabilities (Security Update 2011-001) | Nessus | MacOS X Local Security Checks | high |
| 800796 | Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |
| 5826 | Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 51346 | Fedora 13 : clamav-0.96.5-1300.fc13 (2010-18564) | Nessus | Fedora Local Security Checks | high |
| 51135 | SuSE 10 Security Update : clamav (ZYPP Patch Number 7274) | Nessus | SuSE Local Security Checks | high |
| 51125 | ClamAV < 0.96.5 Multiple Vulnerabilities | Nessus | Misc. | high |
| 51117 | Ubuntu 10.04 LTS / 10.10 : clamav vulnerabilities (USN-1031-1) | Nessus | Ubuntu Local Security Checks | high |
| 51112 | SuSE 11 / 11.1 Security Update : clamav (SAT Patch Numbers 3645 / 3646) | Nessus | SuSE Local Security Checks | high |
| 51111 | SuSE9 Security Update : clamav (YOU Patch Number 12666) | Nessus | SuSE Local Security Checks | high |
| 51071 | Mandriva Linux Security Advisory : clamav (MDVSA-2010:249) | Nessus | Mandriva Local Security Checks | high |
| 51068 | Fedora 14 : clamav-0.96.5-1400.fc14 (2010-18568) | Nessus | Fedora Local Security Checks | high |
| 5722 | ClamAV < 0.96.5 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |