← back
CVE-2024-20505

ClamAV Memory Handling DoS

CVSS 4 MEDIUMEPSS 0.6%CWE-125
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
04 Sep 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected products
Cisco · ClamAV