Published: 07/12/2010 Updated: 13/02/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV prior to 0.96.5 allow remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396."

Vulnerable Product	Search on Vulmon	Subscribe to Product
clamav clamav 0.95.2
clamav clamav 0.86.2
clamav clamav 0.88.5
clamav clamav 0.02
clamav clamav 0.92
clamav clamav 0.95
clamav clamav 0.8
clamav clamav 0.15
clamav clamav 0.90
clamav clamav 0.75.1
clamav clamav 0.65
clamav clamav 0.88.7
clamav clamav 0.81
clamav clamav 0.86
clamav clamav 0.01
clamav clamav 0.92_p0
clamav clamav 0.85
clamav clamav 0.84
clamav clamav 0.3
clamav clamav 0.91.2_p0
clamav clamav 0.93.1
clamav clamav 0.95.1
clamav clamav 0.93
clamav clamav 0.70
clamav clamav 0.68.1
clamav clamav 0.03
clamav clamav 0.87.1
clamav clamav 0.9
clamav clamav 0.74
clamav clamav 0.93.3
clamav clamav 0.88
clamav clamav 0.91
clamav clamav 0.86.1
clamav clamav 0.71
clamav clamav 0.88.1
clamav clamav 0.60p
clamav clamav 0.94
clamav clamav 0.80
clamav clamav 0.91.2
clamav clamav 0.96.3
clamav clamav 0.90.3
clamav clamav 0.85.1
clamav clamav 0.96.2
clamav clamav 0.13
clamav clamav 0.10
clamav clamav 0.94.2
clamav clamav 0.96.1
clamav clamav 0.90.1_p0
clamav clamav 0.12
clamav clamav 0.88.7_p0
clamav clamav 0.23
clamav clamav 0.90.3_p1
clamav clamav 0.60
clamav clamav 0.88.2
clamav clamav 0.83
clamav clamav 0.20
clamav clamav 0.88.4
clamav clamav 0.90.3_p0
clamav clamav 0.14
clamav clamav 0.24
clamav clamav 0.96
clamav clamav 0.90.2_p0
clamav clamav 0.66
clamav clamav 0.51
clamav clamav 0.52
clamav clamav 0.22
clamav clamav 0.72
clamav clamav
clamav clamav 0.75
clamav clamav 0.05
clamav clamav 0.54
clamav clamav 0.87
clamav clamav 0.21
clamav clamav 0.88.7_p1
clamav clamav 0.67-1
clamav clamav 0.90.1
clamav clamav 0.91.1
clamav clamav 0.95.3
clamav clamav 0.88.3
clamav clamav 0.67
clamav clamav 0.92.1
clamav clamav 0.90.2
clamav clamav 0.68
clamav clamav 0.53
clamav clamav 0.93.2
clamav clamav 0.88.6
clamav clamav 0.94.1
clamav clamav 0.80_rc
clamav clamav 0.82
clamav clamav 0.73

Arkadiusz Miskiewicz and others discovered that the PDF processing code in libclamav improperly validated input This could allow a remote attacker to craft a PDF document that could crash clamav or possibly execute arbitrary code (CVE-2010-4260, CVE-2010-4479) ...

NVD-CWE-noinfo http://openwall.com/lists/oss-security/2010/12/03/1 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2396 http://openwall.com/lists/oss-security/2010/12/03/6 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2358 https://bugzilla.redhat.com/show_bug.cgi?id=659861 http://openwall.com/lists/oss-security/2010/12/03/3 http://secunia.com/advisories/42426 http://www.mandriva.com/security/advisories?name=MDVSA-2010:249 http://www.vupen.com/english/advisories/2010/3137 http://secunia.com/advisories/42523 http://www.securityfocus.com/bid/45152 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051905.html http://xorl.wordpress.com/2010/12/06/cve-2010-4260-clamav-multiple-pdf-vulnerabilities/http://www.vupen.com/english/advisories/2010/3135 http://www.ubuntu.com/usn/USN-1031-1 http://secunia.com/advisories/42555 http://www.vupen.com/english/advisories/2010/3185 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052401.html http://www.securitytracker.com/id?1024818 http://secunia.com/advisories/42720 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://support.apple.com/kb/HT4581 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=master https://usn.ubuntu.com/1031-1/https://nvd.nist.gov

Get Started

CVE-2010-4260

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect