Bug 1961583 (CVE-2021-1404) - CVE-2021-1404 clamav: heap buffer over-read in the email parsing module may lead to DoS
Summary: CVE-2021-1404 clamav: heap buffer over-read in the email parsing module may l...
Keywords:
Status: NEW
Alias: CVE-2021-1404
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 1961712 1961584 1961585
Blocks: 1961575
TreeView+ depends on / blocked
 
Reported: 2021-05-18 10:08 UTC by Marian Rehak
Modified: 2023-07-07 08:28 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in clamav. The PDF parsing module could allow an unauthenticated, remote attacker to cause a denial of service condition due to improper buffer size tracking that may result in a heap buffer over-read. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Marian Rehak 2021-05-18 10:08:51 UTC 
A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
Comment 1 Marian Rehak 2021-05-18 10:10:30 UTC 
Created clamav tracking bugs for this issue:

Affects: epel-all [bug 1961585]
Affects: fedora-all [bug 1961584]
Note You need to log in before you can comment on or make changes to this bug.