CVE-2013-2021 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Clamav

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer22 documents14 sources

Severity

4.3MEDIUMNVD

EPSS

8.7%

top 7.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Canonical Ubuntu Linux Suse Linux Enterprise Server

Timeline

PublishedMay 13

Latest updateMay 17

Description

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶Debianclamav/clamav< 0.97.8+dfsg-1+3

▶NVDclamav/clamav7 versions+6

▶NVDsuse/linux_enterprise_server11.0

Also affects: Ubuntu Linux 10.04, 11.10, 12.04, 12.10, 13.04

🔴Vulnerability Details

GHSA

GHSA-8rc2-m544-5vqh: pdf↗2022-05-17

▶

OSV

CVE-2013-2021: pdf↗2013-05-13

▶

CVEList

CVE-2013-2021: pdf↗2013-05-13

▶

💥Exploits & PoCs

Metasploit

Microsoft Exchange ProxyLogon Collector↗

▶

📋Vendor Advisories

Microsoft

Microsoft Exchange Server Remote Code Execution Vulnerability↗2021-03-09

▶

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: BI Publisher Security — CVE-2021-2013↗2021-01-15

▶

Ubuntu

ClamAV vulnerabilities↗2013-05-03

▶

Debian

CVE-2013-2021: clamav - pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial ...↗2013

▶

💬Community

Bugzilla

CVE-2013-2020 CVE-2013-2021 clamav: Multiple potential security issues fixed in upstream 0.97.8 version↗2013-04-24

▶