CVE-2021-1404

Published: 08/04/2021 Updated: 05/08/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote malicious user to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the malicious user to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

Vulnerable Product

clamav clamav 0.103.0

clamav clamav 0.103.1

Vendor Advisories

Debian Bug report logs - #986622: ClamAV 0.103.2 security patch release. Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>; Source for clamav is src:clamav (PTS, buildd, popcon). Reported by: Ralf Hildebrandt <Ralf.Hildebrandt@charite.de>. Date: Thu, 8 Apr 2021 08:27:02 UTC ...
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in a NULL pointer read. An attacker could e ...