CVE-2010-3434

Name: CVE-2010-3434
Creator: NVD / NIST
Published: 2010-09-30T15:00:04.393+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 6.53%

Last modified Jun 16, 2026

CVE-2010-3434 is a vulnerability of currently unknown severity. Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information.. EPSS estimates a 6.53% chance of exploitation in the next 30 days.

Description

Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information.

Metrics

EPSS Probability

6.53%

92.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions	Update
Clamav	Clamav	<= 0.96.2	—
Clamav	Clamav	0.01	—
Clamav	Clamav	0.02	—
Clamav	Clamav	0.3	—
Clamav	Clamav	0.03	—
Clamav	Clamav	0.05	—
Clamav	Clamav	0.9	Rc1
Clamav	Clamav	0.10	—
Clamav	Clamav	0.12	—
Clamav	Clamav	0.13	—
Clamav	Clamav	0.14	—
Clamav	Clamav	0.15	—
Clamav	Clamav	0.20	—
Clamav	Clamav	0.21	—
Clamav	Clamav	0.22	—
Clamav	Clamav	0.23	—
Clamav	Clamav	0.24	—
Clamav	Clamav	0.51	—
Clamav	Clamav	0.52	—
Clamav	Clamav	0.53	—
Clamav	Clamav	0.54	—
Clamav	Clamav	0.60	—
Clamav	Clamav	0.60p	—
Clamav	Clamav	0.65	—
Clamav	Clamav	0.66	—
Clamav	Clamav	0.67	—
Clamav	Clamav	0.67-1	—
Clamav	Clamav	0.68	—
Clamav	Clamav	0.68.1	—
Clamav	Clamav	0.70	—
Clamav	Clamav	0.71	—
Clamav	Clamav	0.72	—
Clamav	Clamav	0.73	—
Clamav	Clamav	0.74	—
Clamav	Clamav	0.75	—
Clamav	Clamav	0.75.1	—
Clamav	Clamav	0.80	—
Clamav	Clamav	0.81	—
Clamav	Clamav	0.82	—
Clamav	Clamav	0.83	—
Clamav	Clamav	0.84	—
Clamav	Clamav	0.85	—
Clamav	Clamav	0.85.1	—
Clamav	Clamav	0.86	—
Clamav	Clamav	0.86.1	—
Clamav	Clamav	0.86.2	—
Clamav	Clamav	0.87	—
Clamav	Clamav	0.87.1	—
Clamav	Clamav	0.88	—
Clamav	Clamav	0.88.1	—

Showing 50 of 82 affected configurations. See NVD for the full list.

References

Timeline

Published: Sep 30, 2010
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2010-3434?

How severe is CVE-2010-3434?

Severity scoring for CVE-2010-3434 is pending analysis. The EPSS model estimates a 6.53% probability of exploitation in the next 30 days.

How do I fix CVE-2010-3434?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-3434?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST