CVE-2010-4261 — Out-of-bounds Write in Clamav

CWE-1897 documents6 sources

Severity

7.5HIGHNVD

EPSS

13.9%

top 5.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Debian Clamav

Timeline

PublishedDec 7

Latest updateMay 17

Description

Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/clamav< clamav 0.96.5+dfsg-1 (bookworm)

▶Debianclamav/clamav< 0.96.5+dfsg-1+3

▶NVDclamav/clamav0.96.4+89

🔴Vulnerability Details

GHSA

GHSA-7686-g7vr-w687: Off-by-one error in the icon_cb function in pe_icons↗2022-05-17

▶

OSV

CVE-2010-4261: Off-by-one error in the icon_cb function in pe_icons↗2010-12-07

▶

📋Vendor Advisories

Ubuntu

ClamAV vulnerabilities↗2010-12-10

▶

Debian

CVE-2010-4261: clamav - Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV be...↗2010

▶

💬Community

Bugzilla

CVE-2010-4260 CVE-2010-4261 CVE-2010-4479 clamav: multiple flaws corrected in 0.96.5 [fedora-all]↗2010-12-03

▶

Bugzilla

CVE-2010-4260 CVE-2010-4261 CVE-2010-4479 clamav: multiple flaws corrected in 0.96.5↗2010-12-03

▶