ID CVE-2010-1640
Summary Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling.
References
Vulnerable Configurations
  • cpe:2.3:a:clamav:clamav:0.96:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.96:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 17-08-2017 - 01:32)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 40318
confirm
mandriva MDVSA-2010:110
mlist [oss-security] 20100521 CVE Request: off by one DoS in pe_icons.c
secunia 39895
suse SUSE-SR:2010:014
vupen ADV-2010-1214
xf clamav-parseicon-dos(58825)
Last major update 17-08-2017 - 01:32
Published 26-05-2010 - 18:30
Last modified 17-08-2017 - 01:32
Back to Top