Published: 26/05/2010 Updated: 13/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The cli_pdf function in libclamav/pdf.c in ClamAV prior to 0.96.1 allows remote malicious users to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length.

Vulnerable Product	Search on Vulmon	Subscribe to Product
clamav clamav 0.95.2
clamav clamav 0.86.2
clamav clamav 0.88.5
clamav clamav 0.02
clamav clamav 0.92
clamav clamav 0.95
clamav clamav 0.15
clamav clamav 0.90
clamav clamav 0.75.1
clamav clamav 0.65
clamav clamav 0.88.7
clamav clamav 0.81
clamav clamav 0.86
clamav clamav 0.01
clamav clamav 0.85
clamav clamav 0.84
clamav clamav 0.3
clamav clamav 0.93.1
clamav clamav 0.95.1
clamav clamav 0.93
clamav clamav 0.70
clamav clamav 0.68.1
clamav clamav 0.03
clamav clamav 0.87.1
clamav clamav 0.9
clamav clamav 0.74
clamav clamav 0.93.3
clamav clamav 0.88
clamav clamav 0.91
clamav clamav 0.86.1
clamav clamav 0.71
clamav clamav 0.88.1
clamav clamav 0.60p
clamav clamav 0.94
clamav clamav 0.80
clamav clamav 0.91.2
clamav clamav 0.85.1
clamav clamav 0.13
clamav clamav 0.10
clamav clamav 0.94.2
clamav clamav 0.12
clamav clamav 0.23
clamav clamav 0.60
clamav clamav 0.88.2
clamav clamav 0.83
clamav clamav 0.20
clamav clamav 0.88.4
clamav clamav 0.14
clamav clamav 0.24
clamav clamav 0.96
clamav clamav 0.66
clamav clamav
clamav clamav 0.51
clamav clamav 0.52
clamav clamav 0.22
clamav clamav 0.72
clamav clamav 0.75
clamav clamav 0.05
clamav clamav 0.54
clamav clamav 0.87
clamav clamav 0.21
clamav clamav 0.67-1
clamav clamav 0.90.1
clamav clamav 0.91.1
clamav clamav 0.95.3
clamav clamav 0.88.3
clamav clamav 0.67
clamav clamav 0.92.1
clamav clamav 0.90.2
clamav clamav 0.68
clamav clamav 0.53
clamav clamav 0.93.2
clamav clamav 0.88.6
clamav clamav 0.94.1
clamav clamav 0.82
clamav clamav 0.73

Debian Bug report logs - #584183 clamav-096 - Two new CVE Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@listsaliothdebianorg>; Source for clamav is src:clamav (PTS, buildd, popcon) Reported by: "Sergey N Voronkov" <serg@tmnru> Date: Wed, 2 Jun 2010 03:27:01 UTC Severity: grave Tags: ...

An attacker could send crafted input to ClamAV and cause it to crash ...

NVD-CWE-Other http://www.vupen.com/english/advisories/2010/1214 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016 http://www.securityfocus.com/bid/40317 http://secunia.com/advisories/39895 http://www.securitytracker.com/id?1024017 http://www.mandriva.com/security/advisories?name=MDVSA-2010:110 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055777.html http://secunia.com/advisories/43752 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055771.html https://exchange.xforce.ibmcloud.com/vulnerabilities/58824 http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commitdiff%3Bh=f0eb394501ec21b9fe67f36cbf5db788711d4236#patch2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584183 https://usn.ubuntu.com/945-1/https://nvd.nist.gov

CVE-2010-1639

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect