ClamAV 'find_stream_bounds()' PDF File Processing Denial Of Service Vulnerability Network Vulnerability

Summary

ClamAV is prone to a denial-of-service vulnerability because it fails to properly bounds-check specially crafted PDF files. An attacker can exploit this issue to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible this has not been confirmed. ClamAV 0.96.2 is vulnerable other versions may also be affected.

Solution

Updates are available. Please see the references for more information.

References

http://comments.gmane.org/gmane.comp.security.oss.general/3547
http://www.clamav.net/
https://www.securityfocus.com/bid/43555

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-3434
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

3com switch2hub
Check for RealServer DoS
Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Linux)
Apple iTunes Local Privilege Escalation Vulnerability
Apple QuickTime Multiple Denial of Service Vulnerabilities - (Windows)

Take action and discover your vulnerabilities