ClamAV 'find_stream_bounds()' PDF File Processing Denial Of Service Vulnerability Network Vulnerability

Summary

ClamAV is prone to a denial-of-service vulnerability because it fails to properly bounds-check specially crafted PDF files. An attacker can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible this has not been confirmed. ClamAV 0.96.2 is vulnerable other versions may also be affected.

Solution

Updates are available. Please see the references for more information.

References

http://comments.gmane.org/gmane.comp.security.oss.general/3547
http://www.clamav.net/
https://www.securityfocus.com/bid/43555

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-3434

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

AppSocket DoS
Aast! Antivirus 'aavmker4.sys' Denial Of Service Vulnerability (Win)
Check for RealServer DoS
Colasoft Capsa Malformed SNMP V1 Packet Remote Denial of Service Vulnerability
Adobe Flash Media Server Multiple Denial of Service Vulnerabilities

Take action and discover your vulnerabilities