CVE-2010-1639 - Unspecified vulnerability in Clamav

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
clamav
nessus

Summary

The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length.

Vulnerable Configurations

Part | Description | Count
Application | Clamav | 132

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_1_CLAMAV-100526.NASL
    description: This update fixes an off-by-one buffer overflow (CVE-2010-1640) and a crash while parsing PDFs (CVE-2010-1639, CVE-2010-2077) in clamav that can be used as a remote denial of service attack.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47797
    published: 2010-07-22
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/47797
    title: openSUSE Security Update : clamav (openSUSE-SU-2010:0414-1)
  • NASL family: Misc.
    NASL id: CLAMAV_0_96_1.NASL
    description: According to its version, the clamd antivirus daemon on the remote host is earlier than 0.96.1. Such versions are reportedly affected by multiple vulnerabilities : - An error exists within the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 46706
    published: 2010-05-24
    reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/46706
    title: ClamAV < 0.96.1 Multiple Vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_12619.NASL
    description: This update fixes the following security issues in clamav that can be used as a remote denial of service attack : - An off-by-one buffer overflow. (CVE-2010-1640) - A crash while parsing PDFs. (CVE-2010-1639, CVE-2010-2077)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47795
    published: 2010-07-22
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/47795
    title: SuSE9 Security Update : clamav (YOU Patch Number 12619)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2011-2741.NASL
    description: Update to 0.97 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 52646
    published: 2011-03-14
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/52646
    title: Fedora 13 : clamav-0.97-1300.fc13 (2011-2741)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-945-1.NASL
    description: It was discovered that ClamAV did not properly reallocate memory when processing certain PDF files. A remote attacker could send a specially crafted PDF and crash ClamAV. (CVE-2010-1639) An out of bounds memory access flaw was discovered in ClamAV. A remote attacker could send a specially crafted Portable Executable (PE) file and crash ClamAV. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-2077). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 46752
    published: 2010-05-28
    reporter: Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/46752
    title: Ubuntu 9.04 / 9.10 / 10.04 LTS : clamav vulnerabilities (USN-945-1)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201009-06.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201009-06 (Clam AntiVirus: Multiple vulnerabilities) Multiple vulnerabilities were discovered in Clam AntiVirus. For further information, please consult the CVE entries referenced below. Impact : A remote attacker could possibly bypass virus detection or cause a Denial of Service. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49127
    published: 2010-09-08
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/49127
    title: GLSA-201009-06 : Clam AntiVirus: Multiple vulnerabilities
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2010-110.NASL
    description: Multiple vulnerabilities were discovered and fixed in clamav : The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length (CVE-2010-1639). Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling (CVE-2010-1640). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 This update provides clamav 0.96.1 which is not vulnerable to these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 46744
    published: 2010-05-28
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/46744
    title: Mandriva Linux Security Advisory : clamav (MDVSA-2010:110)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2011-2732.NASL
    description: Update to 0.97 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 52591
    published: 2011-03-09
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/52591
    title: Fedora 15 : clamav-0.97-1500.fc15 (2011-2732)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2011-2743.NASL
    description: Update to 0.97 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 52647
    published: 2011-03-14
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/52647
    title: Fedora 14 : clamav-0.97-1400.fc14 (2011-2743)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2010-13012.NASL
    description: Update to clamav 0.96.1 which fixes: CVE-2010-1639 Clam AntiVirus: Heap-based overflow, when processing malicious PDF file(s) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 48366
    published: 2010-08-19
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/48366
    title: Fedora 14 : clamav-0.96.1-1401.fc14 (2010-13012)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_2_CLAMAV-100526.NASL
    description: This update fixes an off-by-one buffer overflow (CVE-2010-1640) and a crash while parsing PDFs (CVE-2010-1639, CVE-2010-2077) in clamav that can be used as a remote denial of service attack.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47798
    published: 2010-07-22
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/47798
    title: openSUSE Security Update : clamav (openSUSE-SU-2010:0414-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_CLAMAV-7056.NASL
    description: This update fixes the following security issues in clamav that can be used as a remote denial of service attack : - An off-by-one buffer overflow. (CVE-2010-1640) - A crash while parsing PDFs (CVE-2010-1639 / CVE-2010-2077)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 49838
    published: 2010-10-11
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/49838
    title: SuSE 10 Security Update : clamav (ZYPP Patch Number 7056)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_CLAMAV-100526.NASL
    description: This update fixes the following security issues in clamav that can be used as a remote denial of service attack : - An off-by-one buffer overflow. (CVE-2010-1640) - A crash while parsing PDFs (CVE-2010-1639 / CVE-2010-2077)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 50897
    published: 2010-12-02
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/50897
    title: SuSE 11 / 11.1 Security Update : clamav (SAT Patch Numbers 2479 / 2480)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_0_CLAMAV-100526.NASL
    description: This update fixes an off-by-one buffer overflow (CVE-2010-1640) and a crash while parsing PDFs (CVE-2010-1639, CVE-2010-2077) in clamav that can be used as a remote denial of service attack.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 47796
    published: 2010-07-22
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/47796
    title: openSUSE Security Update : clamav (openSUSE-SU-2010:0414-1)