Published: 08/04/2010 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The qtm_decompress function in libclamav/mspack.c in ClamAV prior to 0.96 allows remote malicious users to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
clamav clamav 0.95.2
clamav clamav 0.86.2
clamav clamav 0.88.5
clamav clamav 0.02
clamav clamav 0.92
clamav clamav 0.95
clamav clamav 0.15
clamav clamav 0.90
clamav clamav 0.75.1
clamav clamav 0.65
clamav clamav 0.88.7
clamav clamav 0.81
clamav clamav 0.86
clamav clamav 0.01
clamav clamav 0.85
clamav clamav 0.84
clamav clamav 0.3
clamav clamav 0.93.1
clamavs clamav 0.04
clamav clamav 0.95.1
clamav clamav 0.93
clamav clamav 0.70
clamav clamav 0.68.1
clamav clamav 0.03
clamav clamav 0.87.1
clamav clamav 0.9
clamav clamav 0.74
clamav clamav 0.93.3
clamav clamav 0.88
clamav clamav 0.91
clamav clamav 0.86.1
clamav clamav 0.71
clamav clamav 0.88.1
clamav clamav 0.60p
clamav clamav 0.94
clamav clamav 0.80
clamav clamav 0.91.2
clamav clamav 0.90.3
clamav clamav 0.85.1
clamav clamav 0.13
clamav clamav 0.10
clamav clamav 0.94.2
clamav clamav 0.12
clamav clamav 0.23
clamav clamav 0.60
clamav clamav 0.88.2
clamav clamav 0.83
clamav clamav 0.20
clamav clamav 0.88.4
clamav clamav 0.14
clamav clamav 0.24
clamav clamav 0.66
clamav clamav 0.51
clamav clamav 0.52
clamav clamav 0.22
clamav clamav 0.72
clamavs clamav 0.06
clamav clamav 0.75
clamav clamav 0.05
clamav clamav 0.54
clamav clamav 0.96
clamav clamav
clamav clamav 0.87
clamav clamav 0.21
clamav clamav 0.67-1
clamav clamav 0.90.1
clamav clamav 0.91.1
clamav clamav 0.95.3
clamav clamav 0.88.3
clamav clamav 0.67
clamav clamav 0.92.1
clamav clamav 0.90.2
clamav clamav 0.68
clamav clamav 0.53
clamav clamav 0.93.2
clamav clamav 0.88.6
clamav clamav 0.94.1
clamav clamav 0.82
clamav clamav 0.73

Debian Bug report logs - #577462 clamav: local DoS for all versions <096 Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@listsaliothdebianorg>; Source for clamav is src:clamav (PTS, buildd, popcon) Reported by: Pedro R <pedrib@gmailcom> Date: Sun, 11 Apr 2010 21:09:01 UTC Severity: im ...

It was discovered that ClamAV did not properly verify its input when processing CAB files A remote attacker could send a specially crafted CAB file to evade malware detection (CVE-2010-0098) ...

CWE-20 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771 http://secunia.com/advisories/39329 http://www.securityfocus.com/bid/39262 http://www.vupen.com/english/advisories/2010/0827 http://secunia.com/advisories/39293 http://www.vupen.com/english/advisories/2010/0832 http://www.ubuntu.com/usn/USN-926-1 http://www.vupen.com/english/advisories/2010/0909 http://www.mandriva.com/security/advisories?name=MDVSA-2010:082 http://www.vupen.com/english/advisories/2010/1001 http://secunia.com/advisories/39656 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html http://www.vupen.com/english/advisories/2010/1206 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://support.apple.com/kb/HT4312 http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577462 https://usn.ubuntu.com/926-1/https://nvd.nist.gov

CVE-2010-1311

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect