Bug 659861 (CVE-2010-4260, CVE-2010-4261, CVE-2010-4479) - CVE-2010-4260 CVE-2010-4261 CVE-2010-4479 clamav: multiple flaws corrected in 0.96.5
Summary: CVE-2010-4260 CVE-2010-4261 CVE-2010-4479 clamav: multiple flaws corrected in...
Status: CLOSED UPSTREAM
Alias: CVE-2010-4260, CVE-2010-4261, CVE-2010-4479
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: public=20101129,reported=20101203,sou...
Keywords: Security
Depends On: 659862
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-12-03 22:03 UTC by Vincent Danen
Modified: 2019-06-10 10:57 UTC (History)
5 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2019-06-10 10:57:28 UTC


Attachments (Terms of Use)

Description Vincent Danen 2010-12-03 22:03:53 UTC
Two flaws were reported to have been corrected in ClamAV 0.96.5 [1]:

1) Multiple errors within the processing of PDF files can be exploited to e.g. cause a crash. (CVE-2010-4260)

2) An off-by-one error within the "icon_cb()" function can be exploited to cause a memory corruption. (CVE-2010-4261)

Current Fedora version of ClamAV is 0.96.4 and is vulnerable to these issues.

[1] http://secunia.com/advisories/42426/

Comment 1 Vincent Danen 2010-12-07 21:35:42 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4479 to
the following vulnerability:

Name: CVE-2010-4479
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4479
Assigned: 20101206
Reference: MLIST:[oss-security] 20101203 Re: clamav 0.96.5 released
Reference: URL: http://openwall.com/lists/oss-security/2010/12/03/6
Reference: MLIST:[oss-security] 20101203 Re: clamav 0.96.5 released
Reference: URL: http://openwall.com/lists/oss-security/2010/12/03/3
Reference: MLIST:[oss-security] 20101203 clamav 0.96.5 released
Reference: URL: http://openwall.com/lists/oss-security/2010/12/03/1
Reference: CONFIRM: http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=master
Reference: CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=659861
Reference: CONFIRM: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2380
Reference: SECUNIA:42426
Reference: URL: http://secunia.com/advisories/42426

Unspecified vulnerability in pdf.c in libclamav in ClamAV before
0.96.5 allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
PDF document, aka "bb #2380," a different vulnerability than
CVE-2010-4260.

Comment 2 Product Security DevOps Team 2019-06-10 10:57:28 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.


Note You need to log in before you can comment on or make changes to this bug.