CVE-2010-1640: Off-by-one Error in ClamAV

Severity: 4.3 MEDIUM (NVD)
EPSS: 3.3% (top 12.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see Affected Packages below
Timeline: Published May 26; Latest update May 17

Description

Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

debian (debian/clamav): < clamav 0.96.1+dfsg-1 (bookworm)
Debian (clamav/clamav): < 0.96.1+dfsg-1+3
NVD (clamav/clamav): 0.96

Vulnerability Details (2)

GHSA: GHSA-hm2c-p9qf-rh42: Off-by-one error in the parseicon function in libclamav/pe_icons (2022-05-17)
OSV: CVE-2010-1640: Off-by-one error in the parseicon function in libclamav/pe_icons (2010-05-26)

Vendor Advisories (2)

Red Hat: AntiVirus: Off-by-one error (DoS, crash) by parsing a specially-crafted PE icon file (2010-05-18)
Debian: CVE-2010-1640: clamav - Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.9... (2010)

Community (1)

Bugzilla: CVE-2010-1640 Clam AntiVirus: Off-by-one error (DoS, crash) by parsing a specially-crafted PE icon file (2010-05-28)