Published: 08/04/2021 Updated: 05/08/2022

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 694

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote malicious user to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the malicious user to cause the ClamAV scanning process hang, resulting in a denial of service condition.

Vulnerable Product	Search on Vulmon	Subscribe to Product
clamav clamav 0.103.0
clamav clamav 0.103.1

Debian Bug report logs - #986622 ClamAV 01032 security patch release Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@listsaliothdebianorg>; Source for clamav is src:clamav (PTS, buildd, popcon) Reported by: Ralf Hildebrandt <RalfHildebrandt@charitede> Date: Thu, 8 Apr 2021 08:27:02 UTC ...

A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 01030 and 01031 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device The vulnerability is due to improper error handling that may result in an infinite loop An attacker could exploit this v ...

CWE-835 https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986622 https://nvd.nist.gov

CVE-2021-1252

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect