CVE-2010-1640

Published: May 26, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blobdiff%3Bf=libclamav/pe_icons.c%3Bh=3f1bc5be69d0f9d84e576814d1a3cc6f40c4ff2c%3Bhp=39a714f05968f9e929576bf171dd0eb58bf06bef%3Bhb=7f0e3bbf77382d9782e0189bf80f5f59a95779b3%3Bhpb=f0eb394501ec21b9fe67f36cbf5db788711d4236

x_refsource_CONFIRM

[oss-security] 20100521 CVE Request: off by one DoS in pe_icons.c

mailing-list

x_refsource_MLIST

clamav-parseicon-dos(58825)

vdb-entry

x_refsource_XF

40318

vdb-entry

x_refsource_BID

ADV-2010-1214

vdb-entry

x_refsource_VUPEN

MDVSA-2010:110

vendor-advisory

x_refsource_MANDRIVA

SUSE-SR:2010:014

vendor-advisory

x_refsource_SUSE

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2031

x_refsource_CONFIRM

39895

third-party-advisory

x_refsource_SECUNIA

http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.1

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2010-1640

Description

Affected Products

References