Arkadiusz Miskiewicz and others discovered that the PDF processing code in libclamav improperly validated input. This could allow a remote attacker to craft a PDF document that could crash clamav or possibly execute arbitrary code. (CVE-2010-4260, CVE-2010-4479)
It was discovered that an off-by-one error in the icon_cb function in pe_icons.c in libclamav could allow an attacker to corrupt memory, causing clamav to crash or possibly execute arbitrary code. (CVE-2010-4261)
10 December 2010
A security issue affects these releases of Ubuntu and its derivatives:
Arkadiusz Miskiewicz and others discovered that the PDF processing code in libclamav improperly validated input. This could allow a remote attacker to craft a PDF document that could crash clamav or possibly execute arbitrary code. (CVE-2010-4260, CVE-2010-4479)
It was discovered that an off-by-one error in the icon_cb function in pe_icons.c in libclamav could allow an attacker to corrupt memory, causing clamav to crash or possibly execute arbitrary code. (CVE-2010-4261)
In the default installation, attackers would be isolated by the clamav AppArmor profile.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
Vulmon