From the Secunia advisory at http://secunia.com/advisories/42426/: 1) Multiple errors within the processing of PDF files can be exploited to e.g. cause a crash. 2) An off-by-one error within the "icon_cb()" function can be exploited to cause a memory corruption. These are reported as fixed in 0.96.5.
*** Bug 347666 has been marked as a duplicate of this bug. ***
CVEs from http://permalink.gmane.org/gmane.comp.security.oss.general/3883. <-- > > Seems like two security issues: > > "1) Multiple errors within the processing of PDF files can be > exploited to e.g. cause a crash. Please use CVE-2010-4260 > > 2) An off-by-one error within the "icon_cb()" function can be > exploited to cause a memory corruption." > Please use CVE-2010-4261
*** Bug 347700 has been marked as a duplicate of this bug. ***
*** Bug 347735 has been marked as a duplicate of this bug. ***
Bumped after talking back with radhermit on irc.
Arches, please test and mark stable: =app-antivirus/clamav-0.96.5 Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
x86 stable
Tested on SPARC, works just fine. Stabilisation asap would be ideal.
I'm not an arch member, anyway the unstable package version seems to compile and work fine on my amd64 server.
Stable for HPPA.
amd64 done
ppc done
alpha/ia64/sparc stable
ppc64 stable. @security: last arch done
Thanks, everyone. GLSA Vote: Yes, CVE-2010-4261 scores a 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) according to the NVD.
Yes, together with #338226.
CVE-2010-4261 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4261): Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information. CVE-2010-4260 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4260): Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396."
CVE-2010-4479 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4479): Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260.
Rerating B1 since clamav often runs in automated systems where it simply scans all email processed, i.e. no user action is required to be exploited.
This issue was resolved and addressed in GLSA 201110-20 at http://security.gentoo.org/glsa/glsa-201110-20.xml by GLSA coordinator Tim Sammut (underling).