AZL-48680

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-48680.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-48680

Upstream

CVE-2024-20505

Published

2024-09-04T22:15:03Z

Modified

2026-04-01T05:17:14.434549Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-20505 affecting package clamav for versions less than 1.0.7-1

Details

A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-20505

Affected packages

Azure Linux:3 / clamav

Package

Name: clamav
Purl: pkg:rpm/azure-linux/clamav

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.7-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-48680.json"