CVE-2010-1640

2010-05-26 20:30:01 2017-08-17 03:32:26

Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

ClamAV 0.96

Clamav - Clamav

Advisory	Patch	Confirmed	Link
			[oss-security] 20100521 CVE Request: off by one DoS in p...
			40318
			ADV-2010-1214
			clamav-parseicon-dos(58825)
			MDVSA-2010:110
			SUSE-SR:2010:014
			http://git.clamav.net/gitweb?p=clamav-devel.git;a=blobdi...
			http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_p...
			https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2031

CVE-2010-1640

2010-05-26 20:30:01 2017-08-17 03:32:26

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)