An attacker could send crafted input to ClamAV and cause it to crash.
It was discovered that ClamAV did not properly reallocate memory when processing certain PDF files. A remote attacker could send a specially crafted PDF and crash ClamAV. (CVE-2010-1639)
27 May 2010
A security issue affects these releases of Ubuntu and its derivatives:
An attacker could send crafted input to ClamAV and cause it to crash.
It was discovered that ClamAV did not properly reallocate memory when processing certain PDF files. A remote attacker could send a specially crafted PDF and crash ClamAV. (CVE-2010-1639)
An out of bounds memory access flaw was discovered in ClamAV. A remote attacker could send a specially crafted Portable Executable (PE) file and crash ClamAV. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-2077)
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes. For Ubuntu 10.04 LTS, this update uses a new upstream release, which includes additional bug fixes.