ClamAV 'cli_pdf()' And 'cli_scanicon()' Denial Of Service Vulnerabilities (Win Network Vulnerability

Summary

This host has ClamAV installed, and is prone to multiple Denial of Service vulnerabilities.

Impact

Successful exploitation will allow attackers to cause a denial of service. Impact Level: Application

Solution

Upgrade to ClamAV 0.96.1 or later, For updates refer to http://www.clamav.net

Insight

The flaws are due to: - Errors exists within the 'cli_pdf()' function in 'libclamav/pdf.c' when processing certain 'PDF' files. This can be exploited to cause a crash. - Error exists within the 'parseicon()' function in 'libclamav/pe_icons.c' when processing 'PE' icons. This can be exploited to trigger an out-of-bounds access when reading data and potentially cause a crash.

Affected

ClamAV version prior to 0.96.1 (1.0.26) on Windows.

Severity

Classification

CVE CVE-2010-1639, CVE-2010-1640
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

FreeRADIUS Tunnel-Password Denial Of Service Vulnerability
BadBlue invalid GET DoS
ClamAV Prior to 0.96.5 Multiple Vulnerabilities
Comodo Internet Security Denial of Service Vulnerability-04
Apache Subversion 'mod_dav_svn' log REPORT Request DoS Vulnerability

ClamAV 'cli_pdf()' and 'cli_scanicon()' Denial of Service Vulnerabilities (Win

Take action and discover your vulnerabilities