A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
References
Link | Resource |
---|---|
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
05 Aug 2022, 17:18
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-125 |
20 Apr 2021, 16:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:clamav:clamav:0.103.0:*:*:*:*:*:*:* cpe:2.3:a:clamav:clamav:0.103.1:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (CISCO) https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html - Release Notes, Vendor Advisory |
13 Apr 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. |
08 Apr 2021, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-08 05:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-1404
Mitre link : CVE-2021-1404
CVE.ORG link : CVE-2021-1404
JSON object : View
Products Affected
clamav
- clamav