CVE Reference: CVE-2010-1640

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2010-1640

Description:
Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/58825

SUSE
  http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

SAID
  Secunia Advisory: SA39895

MLIST
  http://www.openwall.com/lists/oss-security/2010/05/21/7

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2010:110

CONFIRM
  http://git.clamav.net/gitweb?p=clamav-devel.git;a=blobdiff;f=libclamav/pe_icons.c;h=3f1bc5be69d0f9d84e576814d1a3cc6f40c4ff2c;hp=39a714f05968f9e929576bf171dd0eb58bf06bef;hb=7f0e3bbf77382d9782e0189bf80f5f59a95779b3;hpb=f0eb394501ec21b9fe67f36cbf5db788711d42
  http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.1

BID
  40318

