5

CVE-2010-1311

The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format.  NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ClamavClamav Updaterc2 Version <= 0.96
ClamavClamav Version0.01
ClamavClamav Version0.02
ClamavClamav Version0.3
ClamavClamav Version0.03
ClamavClamav Version0.05
ClamavClamav Version0.9 Updaterc1
ClamavClamav Version0.10
ClamavClamav Version0.12
ClamavClamav Version0.13
ClamavClamav Version0.14
ClamavClamav Version0.14 Updatepre
ClamavClamav Version0.15
ClamavClamav Version0.20
ClamavClamav Version0.21
ClamavClamav Version0.22
ClamavClamav Version0.23
ClamavClamav Version0.24
ClamavClamav Version0.51
ClamavClamav Version0.52
ClamavClamav Version0.53
ClamavClamav Version0.54
ClamavClamav Version0.60
ClamavClamav Version0.60p
ClamavClamav Version0.65
ClamavClamav Version0.66
ClamavClamav Version0.67
ClamavClamav Version0.67-1
ClamavClamav Version0.68
ClamavClamav Version0.68.1
ClamavClamav Version0.70
ClamavClamav Version0.70 Updaterc
ClamavClamav Version0.71
ClamavClamav Version0.72
ClamavClamav Version0.73
ClamavClamav Version0.74
ClamavClamav Version0.75
ClamavClamav Version0.75.1
ClamavClamav Version0.80
ClamavClamav Version0.80 Updaterc
ClamavClamav Version0.80 Updaterc2
ClamavClamav Version0.80 Updaterc3
ClamavClamav Version0.80 Updaterc4
ClamavClamav Version0.81
ClamavClamav Version0.82
ClamavClamav Version0.83
ClamavClamav Version0.84
ClamavClamav Version0.84 Updaterc1
ClamavClamav Version0.84 Updaterc2
ClamavClamav Version0.85
ClamavClamav Version0.85.1
ClamavClamav Version0.86
ClamavClamav Version0.86 Updaterc1
ClamavClamav Version0.86.1
ClamavClamav Version0.86.2
ClamavClamav Version0.87
ClamavClamav Version0.87.1
ClamavClamav Version0.88
ClamavClamav Version0.88.1
ClamavClamav Version0.88.2
ClamavClamav Version0.88.3
ClamavClamav Version0.88.4
ClamavClamav Version0.88.5
ClamavClamav Version0.88.6
ClamavClamav Version0.88.7
ClamavClamav Version0.90
ClamavClamav Version0.90 Updaterc1
ClamavClamav Version0.90 Updaterc1.1
ClamavClamav Version0.90 Updaterc2
ClamavClamav Version0.90 Updaterc3
ClamavClamav Version0.90.1
ClamavClamav Version0.90.2
ClamavClamav Version0.90.3
ClamavClamav Version0.91
ClamavClamav Version0.91 Updaterc1
ClamavClamav Version0.91 Updaterc2
ClamavClamav Version0.91.1
ClamavClamav Version0.91.2
ClamavClamav Version0.92
ClamavClamav Version0.92.1
ClamavClamav Version0.93
ClamavClamav Version0.93.1
ClamavClamav Version0.93.2
ClamavClamav Version0.93.3
ClamavClamav Version0.94
ClamavClamav Version0.94.1
ClamavClamav Version0.94.2
ClamavClamav Version0.95
ClamavClamav Version0.95 Updaterc1
ClamavClamav Version0.95 Updaterc2
ClamavClamav Version0.95.1
ClamavClamav Version0.95.2
ClamavClamav Version0.95.3
ClamavClamav Version0.96 Updaterc1
ClamavsClamav Version0.04
ClamavsClamav Version0.06
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.35% 0.871
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
http://secunia.com/advisories/39656
http://www.vupen.com/english/advisories/2010/1001
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
http://support.apple.com/kb/HT4312
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96
http://secunia.com/advisories/39293
http://secunia.com/advisories/39329
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:082
http://www.securityfocus.com/bid/39262
Patch
http://www.ubuntu.com/usn/USN-926-1
http://www.vupen.com/english/advisories/2010/0827
http://www.vupen.com/english/advisories/2010/0832
http://www.vupen.com/english/advisories/2010/0909
http://www.vupen.com/english/advisories/2010/1206
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771