CVE-2013-2021

Published: May 13, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.

Affected (14)

Products: Canonical: Ubuntu Linux · Suse: Linux Enterprise Server · Clamav: Clamav

1 product

1 product

Linux Enterprise Server

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 11.10
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 12.10
Canonical Ubuntu Linux	Version 13.04

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Suse Linux Enterprise Server	Version 11.0 sp1
Suse Linux Enterprise Server	Version 11.0 sp2

Configuration C

7 vulnerable

Vulnerable Software	Affected Versions
Clamav Clamav	Version 0.97.1
Clamav Clamav	Version 0.97.2
Clamav Clamav	Version 0.97.3
Clamav Clamav	Version 0.97.4
Clamav Clamav	Version 0.97.5
Clamav Clamav	Version 0.97.6
Clamav Clamav	Version 0.97.7

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (42)

http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html

Source: secalert@redhat.com

http://secunia.com/advisories/53150

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/53182

Source: secalert@redhat.com

Vendor Advisory

http://support.apple.com/kb/HT5880

Source: secalert@redhat.com

http://support.apple.com/kb/HT5892

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2013:159

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/04/25/2

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/04/29/20

Source: secalert@redhat.com

http://www.securityfocus.com/bid/59434

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1816-1

Source: secalert@redhat.com

https://bugzilla.clamav.net/show_bug.cgi?id=7053

Source: secalert@redhat.com

https://github.com/vrtadmin/clamav-devel/commit/24ff855c82d3f5c62bc5788a5776cefbffce2971

Source: secalert@redhat.com

http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/53150

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/53182

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.apple.com/kb/HT5880

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT5892

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2013:159

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2013/04/25/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2013/04/29/20

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/59434

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1816-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.clamav.net/show_bug.cgi?id=7053

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/vrtadmin/clamav-devel/commit/24ff855c82d3f5c62bc5788a5776cefbffce2971

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.