[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-1311Date: (C)2010-04-08   (M)2024-02-22


The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
BID-39262
SECUNIA-39293
SECUNIA-39329
SECUNIA-39656
ADV-2010-0827
ADV-2010-0832
ADV-2010-0909
ADV-2010-1001
ADV-2010-1206
APPLE-SA-2010-08-24-1
MDVSA-2010:082
SUSE-SR:2010:010
USN-926-1
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96
http://support.apple.com/kb/HT4312
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771

CPE    93
cpe:/a:clamav:clamav:0.21
cpe:/a:clamav:clamav:0.20
cpe:/a:clamav:clamav:0.23
cpe:/a:clamav:clamav:0.22
...
CWE    1
CWE-20
OVAL    5
oval:org.secpod.oval:def:700026
oval:org.secpod.oval:def:300159
oval:org.secpod.oval:def:300270
oval:org.secpod.oval:def:3740
...

© SecPod Technologies