CVE-2024-20505

2024-09-0422:15:03

CWE-125

cisco

web.nvd.nist.gov

clam antivirus

pdf parsing

vulnerability

remote attacker

denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.

Affected configurations

Nvd

Vulners

Node

clamavclamavRange<0.103.12

clamavclamavRange0.104.0–1.0.7

clamavclamavRange1.2.0–1.3.2

clamavclamavMatch1.4.0

VendorProductVersionCPE
clamavclamav*cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
clamavclamav1.4.0cpe:2.3:a:clamav:clamav:1.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
clamav	clamav	*	cpe:2.3:a:clamav:clamav::::::::
clamav	clamav	1.4.0	cpe:2.3:a:clamav:clamav:1.4.0:::::::*

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "ClamAV",
    "versions": [
      {
        "status": "affected",
        "version": "1.4.0"
      },
      {
        "status": "affected",
        "version": "1.3.2"
      },
      {
        "status": "affected",
        "version": "1.0.6"
      },
      {
        "status": "affected",
        "version": "1.0.5"
      },
      {
        "status": "affected",
        "version": "1.0.4"
      },
      {
        "status": "affected",
        "version": "1.0.3"
      },
      {
        "status": "affected",
        "version": "1.0.2"
      },
      {
        "status": "affected",
        "version": "1.0.1"
      },
      {
        "status": "affected",
        "version": "1.0.0"
      },
      {
        "status": "affected",
        "version": "1.2.x"
      },
      {
        "status": "affected",
        "version": "0.105.x"
      },
      {
        "status": "affected",
        "version": "0.104.x"
      },
      {
        "status": "affected",
        "version": "0.103.11"
      },
      {
        "status": "affected",
        "version": "0.103.10"
      },
      {
        "status": "affected",
        "version": "0.103.9"
      },
      {
        "status": "affected",
        "version": "0.103.8"
      },
      {
        "status": "affected",
        "version": "0.103.7"
      },
      {
        "status": "affected",
        "version": "0.103.6"
      },
      {
        "status": "affected",
        "version": "0.103.5"
      },
      {
        "status": "affected",
        "version": "0.103.4"
      },
      {
        "status": "affected",
        "version": "0.103.3"
      },
      {
        "status": "affected",
        "version": "0.103.2"
      },
      {
        "status": "affected",
        "version": "0.103.1"
      },
      {
        "status": "affected",
        "version": "0.103.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]