Vulnerability Details : CVE-2010-4260
Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396."
Vulnerability category: Execute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-4260
Probability of exploitation activity in the next 30 days: 16.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-4260
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
References for CVE-2010-4260
-
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:024
-
http://xorl.wordpress.com/2010/12/06/cve-2010-4260-clamav-multiple-pdf-vulnerabilities/
CVE-2010-4260: ClamAV Multiple PDF Vulnerabilities | xorl %eax, %eax
-
http://support.apple.com/kb/HT4581
About the security content of Mac OS X v10.6.7 and Security Update 2011-001 - Apple Support
-
http://www.vupen.com/english/advisories/2010/3135
Webmail | OVH- OVHVendor Advisory
-
http://www.vupen.com/english/advisories/2010/3185
Webmail | OVH- OVH
-
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2396
-
http://www.ubuntu.com/usn/USN-1031-1
USN-1031-1: ClamAV vulnerabilities | Ubuntu security notices
-
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Apple - Lists.apple.com
-
http://www.securitytracker.com/id?1024818
Clam AntiVirus Bugs Let Remote Users Deny Service and Execute Arbitrary Code - SecurityTracker
-
http://openwall.com/lists/oss-security/2010/12/03/1
oss-security - clamav 0.96.5 released
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052401.html
[SECURITY] Fedora 13 Update: clamav-0.96.5-1300.fc13
-
http://openwall.com/lists/oss-security/2010/12/03/3
oss-security - Re: clamav 0.96.5 released
-
http://www.securityfocus.com/bid/45152
ClamAV Prior to 0.96.5 Multiple Vulnerabilities
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:249
mandriva.com
-
https://bugzilla.redhat.com/show_bug.cgi?id=659861
659861 – (CVE-2010-4260, CVE-2010-4261, CVE-2010-4479) CVE-2010-4260 CVE-2010-4261 CVE-2010-4479 clamav: multiple flaws corrected in 0.96.5
-
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2358
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051905.html
[SECURITY] Fedora 14 Update: clamav-0.96.5-1400.fc14
-
http://openwall.com/lists/oss-security/2010/12/03/6
oss-security - Re: clamav 0.96.5 released
- http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=master
-
http://www.vupen.com/english/advisories/2010/3137
Webmail | OVH- OVHVendor Advisory
Products affected by CVE-2010-4260
- cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.14:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.01:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.21:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.22:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.15:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.71:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.72:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.73:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.74:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.60p:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.68:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.67:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.70:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.54:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.60:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.52:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.53:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.80:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.80:rc2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.80:rc3:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.80:rc4:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.86:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.67-1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.03:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.14:pre:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.13:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.51:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.24:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.75.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.80:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.66:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.65:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.68.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.05:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.02:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.20:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.12:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.23:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.70:rc:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.75:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.8:rc3:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.80:rc:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.80_rc:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.81:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.87.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.87:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.3:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.91.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90:rc3:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.7_p0:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.7:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90.3_p1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90.2_p0:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90.3:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90:rc1.1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.4:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90.1_p0:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.91.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90:rc2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.7_p1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90.3_p0:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.92_p0:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.91:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.91:rc2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.9:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.5:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.88.6:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.91.2_p0:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.94.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.93.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.94:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.93.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.92.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.93.3:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.94.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95:src1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95:src2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95:rc2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.96:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95.3:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.96:rc2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.96.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.96.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.96.3:*:*:*:*:*:*:*