CVE-2024-20505

CWE-125: Out-of-bounds Read | 10 documents | 7 sources
Severity: 7.5 HIGH
EPSS: 0.9% (top 24.48%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 4 | Latest update Sep 17

Description

A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out-of-bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 2.5 | Impact: 1.4

Affected Packages (4 packages)

NVD | clamav/clamav | 0.104.0 | 1.0.7 | +3
Debian | clamav | < 1.0.7+dfsg-1~deb11u1 | +3
Ubuntu | clamav | < 0.103.12+dfsg-0ubuntu0.20.04.1 | +4
CVEListV5 | cisco/clamav | 24 versions | +23

Patches

Vulnerability Details (5)

OSV | clamav vulnerabilities | 2024-09-17
OSV | clamav vulnerabilities | 2024-09-16
GHSA | GHSA-6qcx-p3rr-pfwf: A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1 | 2024-09-05
OSV | CVE-2024-20505: A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1 | 2024-09-04
CVEList | ClamAV Memory Handling DoS | 2024-09-04

Vendor Advisories (4)

Ubuntu | ClamAV vulnerabilities | 2024-09-17
Ubuntu | ClamAV vulnerabilities | 2024-09-16
Microsoft | ClamAV Memory Handling DoS | 2024-09-10
Debian | CVE-2024-20505: clamav - A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.... | 2024
CVE-2024-20505 (HIGH CVSS 7.5) | A vulnerability in the PDF parsing | cvebase.io