CVE-2013-6497 — Clamav vulnerability

CWE-1711 documents6 sources

Severity

2.1LOWNVD

EPSS

0.4%

top 38.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Debian Clamav

Timeline

PublishedDec 1

Latest updateMay 17

Description

clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/clamav< clamav 0.98.5+dfsg-1 (bookworm)

▶Debianclamav/clamav< 0.98.5+dfsg-1+3

▶Ubuntuclamav/clamav< 0.98.5+addedllvm-0ubuntu0.14.04.1

▶NVDclamav/clamav0.98.4

Patches

Patch: blog.clamav.net ↗Patch: blog.clamav.net ↗

🔴Vulnerability Details

GHSA

GHSA-jfxp-x34q-78xp: clamscan in ClamAV before 0↗2022-05-17

▶

OSV

CVE-2013-6497: clamscan in ClamAV before 0↗2014-12-01

▶

OSV

clamav vulnerabilities↗2014-11-26

▶

📋Vendor Advisories

Ubuntu

ClamAV vulnerability↗2015-02-12

▶

Ubuntu

ClamAV vulnerabilities↗2014-11-26

▶

Debian

CVE-2013-6497: clamav - clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers ...↗2013

▶

💬Community

Bugzilla

CVE-2013-6497 ClamAV: -a segmentation fault when processing files [epel-all]↗2014-11-19

▶

Bugzilla

CVE-2013-6497 ClamAV: -a segmentation fault when processing files [fedora-all]↗2014-11-19

▶

Bugzilla

CVE-2013-6497 ClamAV: -a segmentation fault when processing files↗2014-09-04

▶

Bugzilla

CVE-2012-6497 rubygem-authlogic: potential unsafe find_by_id method calls↗2013-01-04

▶