Denial of Service Vulnerability in ClamAV AntiVirus
CVE-2017-12376

7.8HIGH

Key Information:

Vendor
Debian
Status
Clamav Antivirus Software Versions 0.99.2 And Prior
Vendor
CVE Published:
26 January 2018

Summary

ClamAV AntiVirus versions up to 0.99.2 are prone to a vulnerability stemming from inadequate input validation while processing PDF files. An unauthenticated remote attacker can exploit this flaw by transmitting a specially crafted PDF document, potentially leading to a denial of service or the execution of arbitrary code. The issue arises during the scanning process, specifically at the handle_pdfname function, where a buffer overflow could occur, compromising the affected device's stability and security.

Affected Version(s)

ClamAV AntiVirus software 0.99.2 and prior ClamAV AntiVirus software versions 0.99.2 and prior

References

https://usn.ubuntu.com/3550-1/
vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3550-2/
vendor-advisoryx_refsource_UBUNTU
https://bugzilla.clamav.net/show_bug.cgi?id=11942
x_refsource_CONFIRM

EPSS Score

13% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.