CVE-2024-20505

Summary

A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.

Affected Software

VendorProductVersion RangeStatus
CiscoClamAV1.4.0affected
CiscoClamAV1.3.2affected
CiscoClamAV1.0.6affected
CiscoClamAV1.0.5affected
CiscoClamAV1.0.4affected
CiscoClamAV1.0.3affected
CiscoClamAV1.0.2affected
CiscoClamAV1.0.1affected
CiscoClamAV1.0.0affected
CiscoClamAV1.2.xaffected
CiscoClamAV0.105.xaffected
CiscoClamAV0.104.xaffected
CiscoClamAV0.103.11affected
CiscoClamAV0.103.10affected
CiscoClamAV0.103.9affected
CiscoClamAV0.103.8affected
CiscoClamAV0.103.7affected
CiscoClamAV0.103.6affected
CiscoClamAV0.103.5affected
CiscoClamAV0.103.4affected
CiscoClamAV0.103.3affected
CiscoClamAV0.103.2affected
CiscoClamAV0.103.1affected
CiscoClamAV0.103.0affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References