CVE-2010-1311 [中] | Input Validation Bypass（Clamav）

The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.

#	日付	旧 EPSS スコア	新 EPSS スコア	Δ（新 − 旧）
1	2026-06-15	8.54%	3.35%	-5.19%
2	2026-02-20	5.06%	8.54%	+3.48%
3	2025-12-28	—	5.06%	—

日付

旧 EPSS スコア

新 EPSS スコア

Δ（新 − 旧）

2026-06-15

8.54%

3.35%

-5.19%

2026-02-20

5.06%

8.54%

+3.48%

2025-12-28

—

5.06%

—

ベーススコア	バージョン	深刻度	ベクトル	悪用しやすさ	影響	スコアの出典
5.0	2.0	MEDIUM	`AV:N/AC:L/Au:N/C:N/I:N/A:P` クリックして展開アクセス経路 (AV:N) ルーティング可能なネットワーク越しに、遠隔から到達・悪用しうる。アクセスの複雑さ (AC:L) 手順が短く、再現性が高い。認証 (AU:N) 認証を経ずに攻撃を完結できる。機密性への影響 (C:N) 機密性は損なわれない。完全性への影響 (I:N) 完全性は損なわれない。可用性への影響 (A:P) 可用性は部分的に損なわれる。	10.0	2.9	[email protected]

ベーススコア

バージョン

深刻度

ベクトル

悪用しやすさ

影響

スコアの出典

5.0

2.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P クリックして展開

アクセス経路 (AV:N): ルーティング可能なネットワーク越しに、遠隔から到達・悪用しうる。
アクセスの複雑さ (AC:L): 手順が短く、再現性が高い。
認証 (AU:N): 認証を経ずに攻撃を完結できる。
機密性への影響 (C:N): 機密性は損なわれない。
完全性への影響 (I:N): 完全性は損なわれない。
可用性への影響 (A:P): 可用性は部分的に損なわれる。

10.0

2.9

[email protected]

CVE-2010-1311 の OS トラッカー

vendor	priority	summary	link
`debian`	low	CVE-2010-1311 low priority: Debian including 1 source packages (clamav), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2010-1311
`gentoo`	normal	CVE-2010-1311: 1 GLSA(s) (201009-06), 1 atom(s) (app-antivirus/clamav); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2010-1311
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2010-1311
`ubuntu`	medium	CVE-2010-1311 medium priority: Ubuntu including 1 source packages (clamav), 6 status rows across 6 suites (dapper, hardy, intrepid, jaunty, karmic, upstream): released 6.	https://ubuntu.com/security/CVE-2010-1311

CVE-2010-1311 の影響を受けるソフトウェア／構成

ベンダー	製品	バージョン	生の CPE
clamav	clamav	<= 0.96	cpe:2.3:a:clamav:clamav::rc2::::::*
clamav	clamav	0.01	cpe:2.3:a:clamav:clamav:0.01:::::::*
clamav	clamav	0.02	cpe:2.3:a:clamav:clamav:0.02:::::::*
clamav	clamav	0.3	cpe:2.3:a:clamav:clamav:0.3:::::::*
clamav	clamav	0.03	cpe:2.3:a:clamav:clamav:0.03:::::::*
clamav	clamav	0.05	cpe:2.3:a:clamav:clamav:0.05:::::::*
clamav	clamav	0.9	cpe:2.3:a:clamav:clamav:0.9:rc1::::::
clamav	clamav	0.10	cpe:2.3:a:clamav:clamav:0.10:::::::*
clamav	clamav	0.12	cpe:2.3:a:clamav:clamav:0.12:::::::*
clamav	clamav	0.13	cpe:2.3:a:clamav:clamav:0.13:::::::*
clamav	clamav	0.14	cpe:2.3:a:clamav:clamav:0.14:::::::*
clamav	clamav	0.14	cpe:2.3:a:clamav:clamav:0.14:pre::::::
clamav	clamav	0.15	cpe:2.3:a:clamav:clamav:0.15:::::::*
clamav	clamav	0.20	cpe:2.3:a:clamav:clamav:0.20:::::::*
clamav	clamav	0.21	cpe:2.3:a:clamav:clamav:0.21:::::::*
clamav	clamav	0.22	cpe:2.3:a:clamav:clamav:0.22:::::::*
clamav	clamav	0.23	cpe:2.3:a:clamav:clamav:0.23:::::::*
clamav	clamav	0.24	cpe:2.3:a:clamav:clamav:0.24:::::::*
clamav	clamav	0.51	cpe:2.3:a:clamav:clamav:0.51:::::::*
clamav	clamav	0.52	cpe:2.3:a:clamav:clamav:0.52:::::::*
clamav	clamav	0.53	cpe:2.3:a:clamav:clamav:0.53:::::::*
clamav	clamav	0.54	cpe:2.3:a:clamav:clamav:0.54:::::::*
clamav	clamav	0.60	cpe:2.3:a:clamav:clamav:0.60:::::::*
clamav	clamav	0.60p	cpe:2.3:a:clamav:clamav:0.60p:::::::*
clamav	clamav	0.65	cpe:2.3:a:clamav:clamav:0.65:::::::*
clamav	clamav	0.66	cpe:2.3:a:clamav:clamav:0.66:::::::*
clamav	clamav	0.67	cpe:2.3:a:clamav:clamav:0.67:::::::*
clamav	clamav	0.67-1	cpe:2.3:a:clamav:clamav:0.67-1:::::::*
clamav	clamav	0.68	cpe:2.3:a:clamav:clamav:0.68:::::::*
clamav	clamav	0.68.1	cpe:2.3:a:clamav:clamav:0.68.1:::::::*
clamav	clamav	0.70	cpe:2.3:a:clamav:clamav:0.70:::::::*
clamav	clamav	0.70	cpe:2.3:a:clamav:clamav:0.70:rc::::::
clamav	clamav	0.71	cpe:2.3:a:clamav:clamav:0.71:::::::*
clamav	clamav	0.72	cpe:2.3:a:clamav:clamav:0.72:::::::*
clamav	clamav	0.73	cpe:2.3:a:clamav:clamav:0.73:::::::*
clamav	clamav	0.74	cpe:2.3:a:clamav:clamav:0.74:::::::*
clamav	clamav	0.75	cpe:2.3:a:clamav:clamav:0.75:::::::*
clamav	clamav	0.75.1	cpe:2.3:a:clamav:clamav:0.75.1:::::::*
clamav	clamav	0.80	cpe:2.3:a:clamav:clamav:0.80:::::::*
clamav	clamav	0.80	cpe:2.3:a:clamav:clamav:0.80:rc::::::
clamav	clamav	0.80	cpe:2.3:a:clamav:clamav:0.80:rc2::::::
clamav	clamav	0.80	cpe:2.3:a:clamav:clamav:0.80:rc3::::::
clamav	clamav	0.80	cpe:2.3:a:clamav:clamav:0.80:rc4::::::
clamav	clamav	0.81	cpe:2.3:a:clamav:clamav:0.81:::::::*
clamav	clamav	0.82	cpe:2.3:a:clamav:clamav:0.82:::::::*
clamav	clamav	0.83	cpe:2.3:a:clamav:clamav:0.83:::::::*
clamav	clamav	0.84	cpe:2.3:a:clamav:clamav:0.84:::::::*
clamav	clamav	0.84	cpe:2.3:a:clamav:clamav:0.84:rc1::::::
clamav	clamav	0.84	cpe:2.3:a:clamav:clamav:0.84:rc2::::::
clamav	clamav	0.85	cpe:2.3:a:clamav:clamav:0.85:::::::*
clamav	clamav	0.85.1	cpe:2.3:a:clamav:clamav:0.85.1:::::::*
clamav	clamav	0.86	cpe:2.3:a:clamav:clamav:0.86:::::::*
clamav	clamav	0.86	cpe:2.3:a:clamav:clamav:0.86:rc1::::::
clamav	clamav	0.86.1	cpe:2.3:a:clamav:clamav:0.86.1:::::::*
clamav	clamav	0.86.2	cpe:2.3:a:clamav:clamav:0.86.2:::::::*
clamav	clamav	0.87	cpe:2.3:a:clamav:clamav:0.87:::::::*
clamav	clamav	0.87.1	cpe:2.3:a:clamav:clamav:0.87.1:::::::*
clamav	clamav	0.88	cpe:2.3:a:clamav:clamav:0.88:::::::*
clamav	clamav	0.88.1	cpe:2.3:a:clamav:clamav:0.88.1:::::::*
clamav	clamav	0.88.2	cpe:2.3:a:clamav:clamav:0.88.2:::::::*
clamav	clamav	0.88.3	cpe:2.3:a:clamav:clamav:0.88.3:::::::*
clamav	clamav	0.88.4	cpe:2.3:a:clamav:clamav:0.88.4:::::::*
clamav	clamav	0.88.5	cpe:2.3:a:clamav:clamav:0.88.5:::::::*
clamav	clamav	0.88.6	cpe:2.3:a:clamav:clamav:0.88.6:::::::*
clamav	clamav	0.88.7	cpe:2.3:a:clamav:clamav:0.88.7:::::::*
clamav	clamav	0.90	cpe:2.3:a:clamav:clamav:0.90:::::::*
clamav	clamav	0.90	cpe:2.3:a:clamav:clamav:0.90:rc1::::::
clamav	clamav	0.90	cpe:2.3:a:clamav:clamav:0.90:rc1.1::::::
clamav	clamav	0.90	cpe:2.3:a:clamav:clamav:0.90:rc2::::::
clamav	clamav	0.90	cpe:2.3:a:clamav:clamav:0.90:rc3::::::
clamav	clamav	0.90.1	cpe:2.3:a:clamav:clamav:0.90.1:::::::*
clamav	clamav	0.90.2	cpe:2.3:a:clamav:clamav:0.90.2:::::::*
clamav	clamav	0.90.3	cpe:2.3:a:clamav:clamav:0.90.3:::::::*
clamav	clamav	0.91	cpe:2.3:a:clamav:clamav:0.91:::::::*
clamav	clamav	0.91	cpe:2.3:a:clamav:clamav:0.91:rc1::::::
clamav	clamav	0.91	cpe:2.3:a:clamav:clamav:0.91:rc2::::::
clamav	clamav	0.91.1	cpe:2.3:a:clamav:clamav:0.91.1:::::::*
clamav	clamav	0.91.2	cpe:2.3:a:clamav:clamav:0.91.2:::::::*
clamav	clamav	0.92	cpe:2.3:a:clamav:clamav:0.92:::::::*
clamav	clamav	0.92.1	cpe:2.3:a:clamav:clamav:0.92.1:::::::*

CVE-2010-1311 の参考情報

URL	タグ
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
http://secunia.com/advisories/39293
http://secunia.com/advisories/39329	Vendor Advisory
http://secunia.com/advisories/39656
http://support.apple.com/kb/HT4312
http://www.mandriva.com/security/advisories?name=MDVSA-2010:082
http://www.securityfocus.com/bid/39262	Patch
http://www.ubuntu.com/usn/USN-926-1
http://www.vupen.com/english/advisories/2010/0827
http://www.vupen.com/english/advisories/2010/0832
http://www.vupen.com/english/advisories/2010/0909
http://www.vupen.com/english/advisories/2010/1001
http://www.vupen.com/english/advisories/2010/1206
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771

URL

タグ

http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96

http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html

http://secunia.com/advisories/39293

http://secunia.com/advisories/39329

Vendor Advisory

http://secunia.com/advisories/39656

http://support.apple.com/kb/HT4312

http://www.mandriva.com/security/advisories?name=MDVSA-2010:082

http://www.securityfocus.com/bid/39262