CVE-2010-4260

Published: 07 December 2010

Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396."

Priority

Medium

Status

Package: clamav (Launchpad, Ubuntu, Debian)
Release: Upstream
Status: Released (0.96.5)
Patches:
Debdiff: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/673654
This vulnerability is mitigated in part by an AppArmor profile.

Notes

Author: jdstrand
Note: 0.96 only. Affected code in libclamav/pdf.c:find_stream_bounds(),
filter_flatedecode(), and find_length(), none of which are in 0.95.
The affected code was introduced in patch series culminating in
208ecece9c657b4e2a3e9d3ce9b6c58f471d7884 ("New PDF parser with better
javascript support (bb #1596)").
