CVE-2013-2020

Published: 13/05/2013 | Updated: 28/09/2015
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Integer underflow in the cli_scanpe function in pe.c in ClamAV prior to 0.97.8 allows remote malicious users to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

Vendor Advisories

ClamAV could be made to crash or run programs if it opened a specially crafted file ...

References

CWE-189
http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html
http://secunia.com/advisories/53150
http://secunia.com/advisories/53182
http://support.apple.com/kb/HT5880
http://support.apple.com/kb/HT5892
http://www.mandriva.com/security/advisories?name=MDVSA-2013:159
http://www.openwall.com/lists/oss-security/2013/04/25/2
http://www.openwall.com/lists/oss-security/2013/04/29/20
http://www.securityfocus.com/bid/59434
http://www.ubuntu.com/usn/USN-1816-1
https://bugzilla.clamav.net/show_bug.cgi?id=7055
https://github.com/vrtadmin/clamav-devel/commit/270e368b99e93aa5447d46c797c92c3f9f39f375
https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2013-2020
http://tools.cisco.com/security/center/viewAlert.x?alertId=30801
https://usn.ubuntu.com/1816-1/
https://nvd.nist.gov
https://www.rapid7.com/db/vulnerabilities/apple-osx-clamav-cve-2013-2021