CVE-2024-20505

CVE-2024-20505

Name

CVE-2024-20505

Description

A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
	https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

Type

URI

https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

Match rules

CPE URI	Source package	Min version	Max version
	clamav	== 1.4.0	== 1.4.0
	clamav	== 1.3.2	== 1.3.2
	clamav	== 1.0.6	== 1.0.6
	clamav	== 1.0.5	== 1.0.5
	clamav	== 1.0.4	== 1.0.4
	clamav	== 1.0.3	== 1.0.3
	clamav	== 1.0.2	== 1.0.2
	clamav	== 1.0.1	== 1.0.1
	clamav	== 1.0.0	== 1.0.0
	clamav	== 1.2.x	== 1.2.x
	clamav	== 0.105.x	== 0.105.x
	clamav	== 0.104.x	== 0.104.x
	clamav	== 0.103.11	== 0.103.11
	clamav	== 0.103.10	== 0.103.10
	clamav	== 0.103.9	== 0.103.9
	clamav	== 0.103.8	== 0.103.8
	clamav	== 0.103.7	== 0.103.7
	clamav	== 0.103.6	== 0.103.6
	clamav	== 0.103.5	== 0.103.5
	clamav	== 0.103.4	== 0.103.4
	clamav	== 0.103.3	== 0.103.3
	clamav	== 0.103.2	== 0.103.2
	clamav	== 0.103.1	== 0.103.1
	clamav	== 0.103.0	== 0.103.0
`cpe:2.3:a:clamav:clamav::::::::`	clamav	>= None	< 0.103.12
`cpe:2.3:a:clamav:clamav::::::::`	clamav	>= 0.104.0	< 1.0.7
`cpe:2.3:a:clamav:clamav::::::::`	clamav	>= 1.2.0	< 1.3.2
`cpe:2.3:a:clamav:clamav:1.4.0:::::::*`	clamav	== None	== 1.4.0

CPE URI

Source package

Min version

Max version

clamav

== 1.4.0

clamav

== 1.3.2

clamav

== 1.0.6

clamav

== 1.0.5

clamav

== 1.0.4

clamav

== 1.0.3

clamav

== 1.0.2

clamav

== 1.0.1

clamav

== 1.0.0

clamav

== 1.2.x

clamav

== 0.105.x

clamav

== 0.104.x

clamav

== 0.103.11

clamav

== 0.103.10

clamav

== 0.103.9

clamav

== 0.103.8

clamav

== 0.103.7

clamav

== 0.103.6

clamav

== 0.103.5

clamav

== 0.103.4

clamav

== 0.103.3

clamav

== 0.103.2

clamav

== 0.103.1

clamav

== 0.103.0

cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*

clamav

>= None

< 0.103.12

cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*

clamav

>= 0.104.0

< 1.0.7

cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*

clamav

>= 1.2.0

< 1.3.2

cpe:2.3:a:clamav:clamav:1.4.0:*:*:*:*:*:*:*

clamav

== None

== 1.4.0

References

Match rules

Vulnerable and fixed packages