5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.139 Low
EPSS
Percentile
95.7%
Versions of ClamAV earlier than 0.97.8 are potentially affected by the following vulnerabilities :
An overflow condition in ‘libclamav/pdf.c’ may be triggered as user-supplied input is not properly validated when handling a specially crafted encrypted PDF file. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2013-2021)
An overflow condition in ‘libclamav/pe.c’ may be triggered as user-supplied input is not properly validated when handling a specially crafted UPX-packed executable file. This may allow a context-dependent attacker to cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2013-2020)
Binary data 6782.prm