CVE-2010-1311

Publication date 9 April 2010

Last updated 24 July 2024

Ubuntu priority

The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
clamav	9.10 karmic	Fixed 0.95.3+dfsg-1ubuntu0.09.10.1
	9.04 jaunty	Fixed 0.95.3+dfsg-1ubuntu0.09.04.1
	8.10 intrepid	Fixed 0.95.3+dfsg-1ubuntu0.09.04~intrepid3
	8.04 LTS hardy	Fixed 0.95.3+dfsg-1ubuntu0.09.04~hardy2.3
	6.06 LTS dapper	Fixed 0.95.3+dfsg-1ubuntu0.09.04~dapper3

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

DoS via crafted CAB file

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-926-1
ClamAV vulnerabilities
8 April 2010

Other references

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771
https://www.cve.org/CVERecord?id=CVE-2010-1311