CVE-2010-3434

critical

Published 2010-09-30 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

9.3

Description

Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

OS impact

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`0.96.3+dfsg-1`
sid	Fixed	`0.96.3+dfsg-1`
forky	Fixed	`0.96.3+dfsg-1`
bullseye	Fixed	`0.96.3+dfsg-1`
bookworm	Fixed	`0.96.3+dfsg-1`

Application impact

Vendor	Product	Versions
clamav	clamav	`{"endIncluding":"0.96.2"}`
clamav	clamav	`0.01`
clamav	clamav	`0.02`
clamav	clamav	`0.3`
clamav	clamav	`0.03`
clamav	clamav	`0.05`
clamav	clamav	`0.9`
clamav	clamav	`0.10`
clamav	clamav	`0.12`
clamav	clamav	`0.13`
clamav	clamav	`0.14`
clamav	clamav	`0.15`
clamav	clamav	`0.20`
clamav	clamav	`0.21`
clamav	clamav	`0.22`
clamav	clamav	`0.23`
clamav	clamav	`0.24`
clamav	clamav	`0.51`
clamav	clamav	`0.52`
clamav	clamav	`0.53`
clamav	clamav	`0.54`
clamav	clamav	`0.60`
clamav	clamav	`0.60p`
clamav	clamav	`0.65`
clamav	clamav	`0.66`
clamav	clamav	`0.67`
clamav	clamav	`0.67-1`
clamav	clamav	`0.68`
clamav	clamav	`0.68.1`
clamav	clamav	`0.70`
clamav	clamav	`0.71`
clamav	clamav	`0.72`
clamav	clamav	`0.73`
clamav	clamav	`0.74`
clamav	clamav	`0.75`
clamav	clamav	`0.75.1`
clamav	clamav	`0.80`
clamav	clamav	`0.81`
clamav	clamav	`0.82`
clamav	clamav	`0.83`
clamav	clamav	`0.84`
clamav	clamav	`0.85`
clamav	clamav	`0.85.1`
clamav	clamav	`0.86`
clamav	clamav	`0.86.1`
clamav	clamav	`0.86.2`
clamav	clamav	`0.87`
clamav	clamav	`0.87.1`
clamav	clamav	`0.88`
clamav	clamav	`0.88.1`
clamav	clamav	`0.88.2`
clamav	clamav	`0.88.3`
clamav	clamav	`0.88.4`
clamav	clamav	`0.88.5`
clamav	clamav	`0.88.6`
clamav	clamav	`0.88.7`
clamav	clamav	`0.90`
clamav	clamav	`0.90.1`
clamav	clamav	`0.90.2`
clamav	clamav	`0.90.3`
clamav	clamav	`0.90.3_p0`
clamav	clamav	`0.90.3_p1`
clamav	clamav	`0.91`
clamav	clamav	`0.91.1`
clamav	clamav	`0.91.2`
clamav	clamav	`0.91.2_p0`
clamav	clamav	`0.92`
clamav	clamav	`0.92.1`
clamav	clamav	`0.92_p0`
clamav	clamav	`0.93`
clamav	clamav	`0.93.1`
clamav	clamav	`0.93.2`
clamav	clamav	`0.93.3`
clamav	clamav	`0.94`
clamav	clamav	`0.94.1`
clamav	clamav	`0.94.2`
clamav	clamav	`0.95`
clamav	clamav	`0.95.1`
clamav	clamav	`0.95.2`
clamav	clamav	`0.95.3`
clamav	clamav	`0.96`
clamav	clamav	`0.96.1`

References

CWEs

CWE-119

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.