CVE-2010-3434

ClamAV < 0.96.3 - Buffer Overflow in PDF Stream Bounds Parsing

Title source: llm
STIX 2.1

Description

Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information.

References (12)

Core 12
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/28/5
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/27/6
Various Sources x_refsource_confirm
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2226
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2455
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Third Party Advisory x_refsource_confirm
http://security-tracker.debian.org/tracker/CVE-2010-3434
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/22/1
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/28/3
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4581

Scores

EPSS 0.0653
EPSS Percentile 93.0%

Details

CWE
CWE-119
Status published
Products (44)
clamav/clamav 0.01
clamav/clamav 0.02
clamav/clamav 0.3
clamav/clamav 0.03
clamav/clamav 0.05
clamav/clamav 0.9 rc1
clamav/clamav 0.10
clamav/clamav 0.12
clamav/clamav 0.13
clamav/clamav 0.14
... and 34 more
Published Sep 30, 2010
Tracked Since Feb 18, 2026