CVE-2010-1640

Publication date 27 May 2010

Last updated 24 July 2024

Ubuntu priority

Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
clamav	10.04 LTS lucid	Fixed 0.96.1+dfsg-0ubuntu0.10.04.1
	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

patched as CVE-2010-2077 in USN-945-1 does not affect 0.95.3 and lower

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2010-1640