CVE-2024-20505

Published: 04 Sep 2024
Source: nvd
CVSS3: 4
CVSS3: 7.5
EPSS Low

Description

A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
Version before 0.103.12 (excluding)
cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
Version from 0.104.0 (including) to 1.0.7 (excluding)
cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
Version from 1.2.0 (including) to 1.3.2 (excluding)
cpe:2.3:a:clamav:clamav:1.4.0:*:*:*:*:*:*:*

EPSS

Percentile: 75%
0.0089
Low

4 Medium

CVSS3

7.5 High

CVSS3

Weaknesses

CWE-125
CWE-125

Related vulnerabilities

CVSS3: 4
ubuntu
more than 1 year ago

A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.

CVSS3: 7.5
msrc
about 1 year ago

ClamAV Memory Handling DoS

CVSS3: 4
debian
more than 1 year ago

A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) v ...

CVSS3: 4
github
more than 1 year ago

A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.

CVSS3: 7.5
fstec
more than 1 year ago

Vulnerability in the PDF file parsing component of the ClamAV antivirus software package that allows an attacker to cause a denial of service
