CVE-2010-3434

Executive Summary

Informations
Name	CVE-2010-3434	First vendor Publication	2010-09-30
Vendor	Cve	Last vendor Modification	2011-03-23

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3434

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type	Description	Count
Application	Clamav Clamav cpe:/a:clamav:clamav:0.96.2 cpe:/a:clamav:clamav:0.96.1 cpe:/a:clamav:clamav:0.96 cpe:/a:clamav:clamav:0.96:rc2 cpe:/a:clamav:clamav:0.96:rc1 cpe:/a:clamav:clamav:0.95.3 cpe:/a:clamav:clamav:0.95.2 cpe:/a:clamav:clamav:0.95.1 cpe:/a:clamav:clamav:0.95:src1 cpe:/a:clamav:clamav:0.95:src2 cpe:/a:clamav:clamav:0.95:rc2 cpe:/a:clamav:clamav:0.95 cpe:/a:clamav:clamav:0.95:rc1 cpe:/a:clamav:clamav:0.94.2 cpe:/a:clamav:clamav:0.94.1 cpe:/a:clamav:clamav:0.94 cpe:/a:clamav:clamav:0.93.3 cpe:/a:clamav:clamav:0.93.2 cpe:/a:clamav:clamav:0.93.1 cpe:/a:clamav:clamav:0.93 cpe:/a:clamav:clamav:0.92.1 cpe:/a:clamav:clamav:0.92_p0 cpe:/a:clamav:clamav:0.92 cpe:/a:clamav:clamav:0.91.2_p0 cpe:/a:clamav:clamav:0.91.2 cpe:/a:clamav:clamav:0.91.1 cpe:/a:clamav:clamav:0.91:rc1 cpe:/a:clamav:clamav:0.91:rc2 cpe:/a:clamav:clamav:0.91 cpe:/a:clamav:clamav:0.90.3_p1 cpe:/a:clamav:clamav:0.90.3_p0 cpe:/a:clamav:clamav:0.90.3 cpe:/a:clamav:clamav:0.90.2 cpe:/a:clamav:clamav:0.90.1 cpe:/a:clamav:clamav:0.90 cpe:/a:clamav:clamav:0.90:rc3 cpe:/a:clamav:clamav:0.90:rc1.1 cpe:/a:clamav:clamav:0.90:rc1 cpe:/a:clamav:clamav:0.90:rc2 cpe:/a:clamav:clamav:0.9:rc1 cpe:/a:clamav:clamav:0.88.7 cpe:/a:clamav:clamav:0.88.6 cpe:/a:clamav:clamav:0.88.5 cpe:/a:clamav:clamav:0.88.4 cpe:/a:clamav:clamav:0.88.3 cpe:/a:clamav:clamav:0.88.2 cpe:/a:clamav:clamav:0.88.1 cpe:/a:clamav:clamav:0.88 cpe:/a:clamav:clamav:0.87.1 cpe:/a:clamav:clamav:0.87 cpe:/a:clamav:clamav:0.86.2 cpe:/a:clamav:clamav:0.86.1 cpe:/a:clamav:clamav:0.86 cpe:/a:clamav:clamav:0.86:rc1 cpe:/a:clamav:clamav:0.85.1 cpe:/a:clamav:clamav:0.85 cpe:/a:clamav:clamav:0.84 cpe:/a:clamav:clamav:0.84:rc2 cpe:/a:clamav:clamav:0.84:rc1 cpe:/a:clamav:clamav:0.83 cpe:/a:clamav:clamav:0.82 cpe:/a:clamav:clamav:0.81 cpe:/a:clamav:clamav:0.80:rc2 cpe:/a:clamav:clamav:0.80:rc4 cpe:/a:clamav:clamav:0.80 cpe:/a:clamav:clamav:0.80:rc3 cpe:/a:clamav:clamav:0.75.1 cpe:/a:clamav:clamav:0.75 cpe:/a:clamav:clamav:0.74 cpe:/a:clamav:clamav:0.73 cpe:/a:clamav:clamav:0.72 cpe:/a:clamav:clamav:0.71 cpe:/a:clamav:clamav:0.70 cpe:/a:clamav:clamav:0.68.1 cpe:/a:clamav:clamav:0.68 cpe:/a:clamav:clamav:0.67-1 cpe:/a:clamav:clamav:0.67 cpe:/a:clamav:clamav:0.66 cpe:/a:clamav:clamav:0.65 cpe:/a:clamav:clamav:0.60p cpe:/a:clamav:clamav:0.60 cpe:/a:clamav:clamav:0.54 cpe:/a:clamav:clamav:0.53 cpe:/a:clamav:clamav:0.52 cpe:/a:clamav:clamav:0.51 cpe:/a:clamav:clamav:0.3 cpe:/a:clamav:clamav:0.24 cpe:/a:clamav:clamav:0.23 cpe:/a:clamav:clamav:0.22 cpe:/a:clamav:clamav:0.21 cpe:/a:clamav:clamav:0.20 cpe:/a:clamav:clamav:0.15 cpe:/a:clamav:clamav:0.14 cpe:/a:clamav:clamav:0.13 cpe:/a:clamav:clamav:0.12 cpe:/a:clamav:clamav:0.10 cpe:/a:clamav:clamav:0.05 cpe:/a:clamav:clamav:0.03 cpe:/a:clamav:clamav:0.02 cpe:/a:clamav:clamav:0.01	100

Open Source Vulnerability Database (OSVDB)

id	Description
68302	ClamAV pdf.c find_stream_bounds Function Crafted PDF File Handling Overflow

Internal Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
CONFIRM	http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=c... http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=dc5143b4669ae39c79... http://security-tracker.debian.org/tracker/CVE-2010-3434 http://support.apple.com/kb/HT4581 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2226
MLIST	http://www.openwall.com/lists/oss-security/2010/09/22/1 http://www.openwall.com/lists/oss-security/2010/09/27/6 http://www.openwall.com/lists/oss-security/2010/09/28/3 http://www.openwall.com/lists/oss-security/2010/09/28/5
SUSE	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html
VUPEN	http://www.vupen.com/english/advisories/2010/2455

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:32:35	Multiple Updates

Type	Count
CPE ID(s)	100
osvdb(s)	1

Related	Severity
GLSA-201110-20	(Critical)

Same Subject	Severity
Login to view 7 more Alert(s)

CVE-2010-3434

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU