Heap Memory Corruption in ClamAV by Cisco Systems
CVE-2013-7087

9.8CRITICAL

Key Information:

Vendor

Clamav

Status
Clamav
Vendor
CVE Published:
15 November 2019

What is CVE-2013-7087?

ClamAV versions prior to 0.97.7 are susceptible to a heap memory corruption vulnerability due to improper handling by WWPack. An attacker could exploit this flaw to cause unexpected behavior, potentially allowing execution of arbitrary code or causing a denial of service.

References

https://security-tracker.debian.org/tracker/CVE-2013-7087
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7087
x_refsource_MISC
http://security.gentoo.org/glsa/glsa-201405-08.xml
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.