Candidate: CVE-2010-3434
PublicDate: 2010-09-30 15:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3434
 http://www.openwall.com/lists/oss-security/2010/09/22/1
Description:
 Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in
 ClamAV before 0.96.3 allows remote attackers to cause a denial of service
 (application crash) or possibly execute arbitrary code via a crafted PDF
 document. NOTE: some of these details are obtained from third party
 information.
Ubuntu-Description:
Notes:
 mdeslaur> pdf library in clamav < 0.96.2 is completely different and
 mdeslaur> doesn't seem affected by the reproducer.
Bugs:
 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2226
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_clamav:
 upstream: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=dc5143b4669ae39c79c9af50d569c28c798f33da
upstream_clamav: released (0.96.3)
dapper_clamav: not-affected (0.95.3+dfsg-1ubuntu0.09.04~dapper4.1)
hardy_clamav: not-affected (0.95.3+dfsg-1ubuntu0.09.04~hardy2.5)
jaunty_clamav: not-affected (0.95.3+dfsg-1ubuntu0.09.04.3)
karmic_clamav: not-affected (0.95.3+dfsg-1ubuntu0.09.10.3)
lucid_clamav: not-affected (0.96.1+dfsg-0ubuntu0.10.04.2)
maverick_clamav: not-affected (0.96.3+dfsg-2ubuntu1)
devel_clamav: not-affected (0.96.3+dfsg-2ubuntu1)