CVE-2024-20505

CVSS 3.1 Score 4.0 of 10 (medium)

Details

Published Sep 4, 2024
Updated: Sep 5, 2024

Summary

CVE-2024-20505 is an out-of-bounds read in the PDF parsing module of Clam AntiVirus (ClamAV). Affected releases are 1.4.0, 1.3.2 and earlier (including all 1.2.x releases), 1.0.6 and earlier, all 0.105.x and 0.104.x releases, and 0.103.11 and earlier. An attacker triggers the bug by submitting a specially crafted PDF file that ClamAV scans; a successful exploit terminates the scanning process, producing a denial of service (DoS) on the affected device. The impact is limited to availability: the flaw does not expose or alter data, but a crashed or repeatedly crashing scanner leaves the mail gateways, file servers and endpoints that rely on it without antivirus coverage until the process is restarted.

Note that the advisory text describes an unauthenticated, remote attacker, since the crafted file can arrive over any channel the scanner inspects (mail attachments, uploads, shared storage), while the CVSS 3.1 score of 4.0 shown above is the value CVSS assigns to a local attack vector with availability-only impact. Either way, confidentiality and integrity are unaffected.

To remediate, update ClamAV to version 1.4.1 or later, or apply the patched release for your branch as described in the ClamAV project's security advisories. Verify the version actually running (for example with `clamscan --version`) rather than relying on the package name, since the affected list spans several maintained branches.
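As an added check (not part of the advisory or of ClamAV's own code), the following Python script encodes the affected ranges listed above and tests a ClamAV version string against them, falling back to a constructed sample `clamscan --version` line when no scanner is installed. The reading of "1.3.2 and earlier" as also covering 1.1.x releases is an assumption, as is treating release lines the advisory does not mention (0.102.x and older) as "unknown" rather than safe.

```python
"""Added example: test a ClamAV version against the CVE-2024-20505 affected
ranges stated above. Not ClamAV project code; the range encoding is this
script's own reading of the advisory text."""
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Constructed sample of what `clamscan --version` prints (engine/sigdb/date).
SAMPLE_VERSION_LINE = "ClamAV 1.0.6/27395/Wed Sep  4 08:31:04 2024"


def parse_version(text: str) -> Version:
    """Pull MAJOR.MINOR.PATCH out of a `clamscan --version` line or a bare
    'x.y.z' string. Only the first x.y.z triple is used, so the signature
    database number after the slash is ignored."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(v: Version) -> Optional[bool]:
    """Return True if v is inside a listed affected range, False if it is a
    fixed release (1.4.1 or later, or newer than a listed 'and earlier'
    bound), and None if the advisory says nothing about that release line
    (e.g. 0.102.x and older)."""
    major, minor, patch = v
    if major >= 2 or (major == 1 and minor >= 5):
        return False  # newer than anything listed; 1.4.1+ is the stated fix
    if major == 1:
        if minor == 4:
            return patch == 0  # 1.4.0 affected, 1.4.1 or later fixed
        if minor in (1, 2, 3):
            # "1.3.2 and earlier" plus every 1.2.x. Assumption: 1.1.x is
            # covered by "and earlier" as well (the advisory does not name it).
            return (minor, patch) <= (3, 2)
        if minor == 0:
            return patch <= 6  # "1.0.6 and prior"
    if major == 0:
        if minor in (104, 105):
            return True  # every 0.104.x and 0.105.x release
        if minor == 103:
            return patch <= 11  # "0.103.11 and prior"
    return None


def verdict(text: str) -> str:
    """Human-readable result for a version string or --version line."""
    v = parse_version(text)
    label = "%d.%d.%d" % v
    status = is_affected(v)
    if status is True:
        return f"{label}: AFFECTED by CVE-2024-20505, upgrade to 1.4.1 or later or the patched release for this branch"
    if status is False:
        return f"{label}: not in an affected range"
    return f"{label}: release line not covered by the advisory, check the ClamAV security advisories directly"


def installed_version_line() -> str:
    """Ask the local scanner for its version; raises if clamscan is absent."""
    return subprocess.run(["clamscan", "--version"], capture_output=True,
                          text=True, check=True).stdout.strip()


if __name__ == "__main__":
    try:
        line = installed_version_line()
    except (FileNotFoundError, subprocess.CalledProcessError):
        line = SAMPLE_VERSION_LINE  # fall back to the constructed sample
    print(verdict(line))
```

Run it on each host that scans untrusted content; a `None` verdict means the release line is older than anything the advisory names, which is a reason to upgrade, not a clean bill of health.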
