Executive Summary

Informations
NameCVE-2010-3434First vendor Publication2010-09-30
VendorCveLast vendor Modification2011-03-23

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3434

CWE : Common Weakness Enumeration

idName
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

TypeDescriptionCount
Application100

OpenVAS Exploits

DateDescription
2012-02-12Name : Gentoo Security Advisory GLSA 201110-20 (Clam AntiVirus)
File : nvt/glsa_201110_20.nasl
2011-08-26Name : Mac OS X v10.6.6 Multiple Vulnerabilities (2011-001)
File : nvt/secpod_macosx_su11-001.nasl
2010-10-07Name : ClamAV 'find_stream_bounds()' function Buffer Overflow Vulnerability
File : nvt/gb_clamav_pdf_bof_vuln_lin.nasl
2010-09-29Name : ClamAV 'find_stream_bounds()' PDF File Processing Denial Of Service Vulnerabi...
File : nvt/gb_clamav_43555.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
68302ClamAV pdf.c find_stream_bounds Function Crafted PDF File Handling Overflow

Nessus® Vulnerability Scanner

DateDescription
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_clamav-100930.nasl - Type : ACT_GATHER_INFO
2011-10-24Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-20.nasl - Type : ACT_GATHER_INFO
2011-03-22Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_6_7.nasl - Type : ACT_GATHER_INFO
2011-03-22Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2011-001.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote SuSE 11 host is missing a security update.
File : suse_11_clamav-101102.nasl - Type : ACT_GATHER_INFO
2010-12-01Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_clamav-7209.nasl - Type : ACT_GATHER_INFO
2010-12-01Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12662.nasl - Type : ACT_GATHER_INFO
2010-10-30Name : The remote openSUSE host is missing a security update.
File : suse_11_1_clamav-100930.nasl - Type : ACT_GATHER_INFO
2010-10-30Name : The remote openSUSE host is missing a security update.
File : suse_11_2_clamav-100930.nasl - Type : ACT_GATHER_INFO
2010-10-05Name : The remote antivirus service is affected by multiple vulnerabilities.
File : clamav_0_96_3.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
APPLEhttp://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
CONFIRMhttp://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=c...
http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=dc5143b4669ae39c79...
http://security-tracker.debian.org/tracker/CVE-2010-3434
http://support.apple.com/kb/HT4581
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2226
MLISThttp://www.openwall.com/lists/oss-security/2010/09/22/1
http://www.openwall.com/lists/oss-security/2010/09/27/6
http://www.openwall.com/lists/oss-security/2010/09/28/3
http://www.openwall.com/lists/oss-security/2010/09/28/5
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html
VUPENhttp://www.vupen.com/english/advisories/2010/2455

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-06-14 13:29:15
  • Multiple Updates
2014-02-17 10:57:26
  • Multiple Updates
2013-05-10 23:32:35
  • Multiple Updates