CVE-2021-1404

Published on: 04/08/2021 12:00:00 AM UTC

Last Modified on: 04/13/2021 07:40:57 PM UTC

CVE-2021-1404 - advisory for https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

Source: Mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

The following vulnerability was found:

A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

  • CVE-2021-1404 has been assigned by [email protected] to track the vulnerability
  • Affected Vendor/Software: Cisco - ClamAV version = 0.103.0
  • Affected Vendor/Software: Cisco - ClamAV version = 0.103.1

CVE References

Description Tags Link
ClamAV® blog: ClamAV 0.103.2 security patch release blog.clamav.net
text/html
 URL Logo CISCO blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

  • 174899 SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2021:1174-1)
  • 174903 SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2021:1190-1)
  • 174911 SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2021:1189-1)

Known Affected Software

Vendor Product Version
Cisco ClamAV= 0.103.0
Cisco ClamAV= 0.103.1

Social Mentions

Source Title Posted (UTC)
Twitter Icon @CVEreport CVE-2021-1404 : A vulnerability in the email parsing module in Clam AntiVirus ClamAV Software version 0.103.0 and… twitter.com/i/web/status/1… 2021-04-08 04:36:48