Denial of Service Vulnerability in ClamAV by Cisco
CVE-2013-6497

Currently unrated

Key Information:

Vendor: Clamav
Status: Clamav
Vendor: CVE Published:; 1 December 2014

What is CVE-2013-6497?

ClamAV versions prior to 0.98.5 contain a vulnerability that permits remote attackers to exploit the software by leveraging the '-a' command-line option. This can lead to a denial of service condition, crashing the application when processing malicious input such as a specially crafted 'jwplayer.js' file. Users are advised to upgrade to the latest version to mitigate this issue.

References

http://lists.opensuse.org/opensuse-security-announce/2014...

vendor-advisoryx_refsource_SUSE

http://www.openwall.com/lists/oss-security/2014/11/19/2

mailing-listx_refsource_MLIST

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

Timeline

Vulnerability published
Dec 1, 2014
Vulnerability Reserved
Nov 4, 2013

Clamav

What is CVE-2013-6497?

References

Timeline