ClamAV Vulnerability Could Lead to Denial of Service
CVE-2024-20505
7.5 HIGH
Summary
A vulnerability exists in the PDF parsing module of Clam AntiVirus (ClamAV), affecting various older versions including 1.4.0, 1.3.2, and several prior releases. The issue is an out-of-bounds read. An unauthenticated remote attacker could potentially trigger it by submitting a specially crafted PDF file to be scanned. When exploited, this vulnerability may lead to a denial of service (DoS) condition in which affected devices terminate their scanning processes unexpectedly, disrupting the antivirus service.
Affected Version(s)
ClamAV 1.4.0
ClamAV 1.3.2
ClamAV 1.0.6
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published