Published: 07/12/2010 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Unspecified vulnerability in pdf.c in libclamav in ClamAV prior to 0.96.5 allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260.

Vulnerable Product	Search on Vulmon	Subscribe to Product
clamav clamav 0.95.2
clamav clamav 0.86.2
clamav clamav 0.88.5
clamav clamav 0.02
clamav clamav 0.92
clamav clamav 0.95
clamav clamav 0.8
clamav clamav 0.15
clamav clamav 0.90
clamav clamav 0.75.1
clamav clamav 0.65
clamav clamav 0.88.7
clamav clamav 0.81
clamav clamav 0.86
clamav clamav 0.01
clamav clamav 0.92_p0
clamav clamav 0.85
clamav clamav 0.84
clamav clamav 0.3
clamav clamav 0.91.2_p0
clamav clamav 0.93.1
clamav clamav 0.95.1
clamav clamav 0.93
clamav clamav 0.70
clamav clamav 0.68.1
clamav clamav 0.03
clamav clamav 0.87.1
clamav clamav 0.9
clamav clamav 0.74
clamav clamav 0.93.3
clamav clamav 0.88
clamav clamav 0.91
clamav clamav 0.86.1
clamav clamav 0.71
clamav clamav 0.88.1
clamav clamav 0.60p
clamav clamav 0.94
clamav clamav 0.80
clamav clamav 0.91.2
clamav clamav 0.96.3
clamav clamav 0.90.3
clamav clamav 0.85.1
clamav clamav 0.96.2
clamav clamav 0.13
clamav clamav 0.10
clamav clamav 0.94.2
clamav clamav 0.96.1
clamav clamav 0.90.1_p0
clamav clamav 0.12
clamav clamav 0.88.7_p0
clamav clamav 0.23
clamav clamav 0.90.3_p1
clamav clamav 0.60
clamav clamav 0.88.2
clamav clamav 0.83
clamav clamav 0.20
clamav clamav 0.88.4
clamav clamav 0.90.3_p0
clamav clamav 0.14
clamav clamav 0.24
clamav clamav 0.96
clamav clamav 0.90.2_p0
clamav clamav 0.66
clamav clamav 0.51
clamav clamav 0.52
clamav clamav 0.22
clamav clamav 0.72
clamav clamav
clamav clamav 0.75
clamav clamav 0.05
clamav clamav 0.54
clamav clamav 0.87
clamav clamav 0.21
clamav clamav 0.88.7_p1
clamav clamav 0.67-1
clamav clamav 0.90.1
clamav clamav 0.91.1
clamav clamav 0.95.3
clamav clamav 0.88.3
clamav clamav 0.67
clamav clamav 0.92.1
clamav clamav 0.90.2
clamav clamav 0.68
clamav clamav 0.53
clamav clamav 0.93.2
clamav clamav 0.88.6
clamav clamav 0.94.1
clamav clamav 0.80_rc
clamav clamav 0.82
clamav clamav 0.73

Arkadiusz Miskiewicz and others discovered that the PDF processing code in libclamav improperly validated input This could allow a remote attacker to craft a PDF document that could crash clamav or possibly execute arbitrary code (CVE-2010-4260, CVE-2010-4479) ...

NVD-CWE-noinfo http://secunia.com/advisories/42426 https://bugzilla.redhat.com/show_bug.cgi?id=659861 http://openwall.com/lists/oss-security/2010/12/03/6 http://openwall.com/lists/oss-security/2010/12/03/1 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2380 http://openwall.com/lists/oss-security/2010/12/03/3 http://www.vupen.com/english/advisories/2010/3135 http://www.mandriva.com/security/advisories?name=MDVSA-2010:249 http://www.vupen.com/english/advisories/2010/3137 http://www.securityfocus.com/bid/45152 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051905.html http://xorl.wordpress.com/2010/12/06/cve-2010-4260-clamav-multiple-pdf-vulnerabilities/http://www.ubuntu.com/usn/USN-1031-1 http://www.vupen.com/english/advisories/2010/3185 http://secunia.com/advisories/42555 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052401.html http://www.securitytracker.com/id?1024818 http://secunia.com/advisories/42720 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://support.apple.com/kb/HT4581 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=master https://usn.ubuntu.com/1031-1/https://nvd.nist.gov

Get Started

CVE-2010-4479

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect