ClamAV 'find_stream_bounds()' PDF File Processing Denial Of Service Vulnerability Network Vulnerability

Summary

ClamAV is prone to a denial-of-service vulnerability because it fails to properly bounds-check specially crafted PDF files. An attacker can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible this has not been confirmed. ClamAV 0.96.2 is vulnerable other versions may also be affected.

Solution

Updates are available. Please see the references for more information.

References

http://comments.gmane.org/gmane.comp.security.oss.general/3547
http://www.clamav.net/
https://www.securityfocus.com/bid/43555

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-3434

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

CUPS Subscription Incorrectly uses Guest Account DoS Vulnerability
CiscoKits CCNA TFTP Server 'Write' Command Denial Of Service Vulnerability
Azeotech DAQFactory NETB Datagram Parsing Stack Buffer Overflow Vulnerability
Cogent DataHub Multiple Vulnerabilities
Apache 'mod_proxy_http.c' Denial Of Service Vulnerability

Take action and discover your vulnerabilities