1
Candidate: CVE-2010-3434
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3434
5
http://www.openwall.com/lists/oss-security/2010/09/22/1
7
Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in
8
ClamAV before 0.96.3 allows remote attackers to cause a denial of service
9
(application crash) or possibly execute arbitrary code via a crafted PDF
10
document. NOTE: some of these details are obtained from third party
14
mdeslaur> pdf library in clamav < 0.96.2 is completely different and
15
mdeslaur> doesn't seem affected by the reproducer.
17
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2226
23
upstream: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=dc5143b4669ae39c79c9af50d569c28c798f33da
24
upstream_clamav: released (0.96.3)
25
dapper_clamav: not-affected (0.95.3+dfsg-1ubuntu0.09.04~dapper4.1)
26
hardy_clamav: not-affected (0.95.3+dfsg-1ubuntu0.09.04~hardy2.5)
27
jaunty_clamav: not-affected (0.95.3+dfsg-1ubuntu0.09.04.3)
28
karmic_clamav: not-affected (0.95.3+dfsg-1ubuntu0.09.10.3)
29
lucid_clamav: not-affected (0.96.1+dfsg-0ubuntu0.10.04.2)
30
maverick_clamav: not-affected (0.96.3+dfsg-2ubuntu1)
31
devel_clamav: not-affected (0.96.3+dfsg-2ubuntu1)