4.3 - CVE-2013-2021

Executive Summary

Informations
Name	CVE-2013-2021	First vendor Publication	2013-05-13
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2021

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17560

Oval ID:	oval:org.mitre.oval:def:17560
Title:	USN-1816-1 -- clamav vulnerabilities
Description:	ClamAV could be made to crash or run programs if it opened a specially crafted file.
Family:	unix	Class:	patch
Reference(s):	USN-1816-1 CVE-2013-2020 CVE-2013-2021	Version:	7
Platform(s):	Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04	Product(s):	clamav
Definition Synopsis:
Release section Ubuntu 13.04 is installed AND clamav DPKG is earlier than 0.97.8+dfsg-1ubuntu1.13.04.1 AND Release section Ubuntu 12.10 is installed AND clamav DPKG is earlier than 0.97.8+dfsg-1ubuntu1.12.10.1 AND Release section Ubuntu 12.04 is installed AND clamav DPKG is earlier than 0.97.8+dfsg-1ubuntu1.12.04.1 AND Release section Ubuntu 11.10 is installed AND clamav DPKG is earlier than 0.97.8+dfsg-1ubuntu1.11.10.1 AND Release section Ubuntu 10.04 is installed AND clamav DPKG is earlier than 0.97.8+dfsg-1ubuntu1.10.04.1

Definition Id: oval:org.mitre.oval:def:25964

Oval ID:	oval:org.mitre.oval:def:25964
Title:	SUSE-SU-2013:1059-1 -- Security update for clamav
Description:	This update contains clamav 0.97.8 which fixes security issues (bnc#816865): * CVE-2013-2020: Fix heap corruption * CVE-2013-2021: Fix overflow due to PDF key length computation.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:1059-1 CVE-2013-2020 CVE-2013-2021	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 SUSE Linux Enterprise Desktop 11 SUSE Linux Enterprise Desktop 10	Product(s):	clamav
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed AND clamav RPM is earlier than 0:0.97.8-0.2.1 AND SUSE Linux Enterprise Server 10 and SUSE Linux Enterprise Desktop 10 release section Operation system section SUSE Linux Enterprise Server 10 is installed AND SUSE Linux Enterprise Desktop 10 is installed AND clamav RPM is earlier than 0:0.97.8-0.5.1

Definition Id: oval:org.mitre.oval:def:26004

Oval ID:	oval:org.mitre.oval:def:26004
Title:	SUSE-SU-2013:1059-2 -- Security update for clamav
Description:	This release of clamav provides version 0.97.8 and fixes several potential security issues (bnc#816865): * CVE-2013-2020: Fix heap corruption * CVE-2013-2021: Fix overflow due to PDF key length computation.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2013:1059-2 CVE-2013-2020 CVE-2013-2021	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	clamav
Definition Synopsis:
Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed AND clamav RPM is earlier than 0:0.97.8-0.2.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Clamav cpe:2.3:a:clamav:clamav:0.97.7:::::::* cpe:2.3:a:clamav:clamav:0.97.6:::::::* cpe:2.3:a:clamav:clamav:0.97.5:::::::* cpe:2.3:a:clamav:clamav:0.97.4:::::::* cpe:2.3:a:clamav:clamav:0.97.3:::::::* cpe:2.3:a:clamav:clamav:0.97.2:::::::* cpe:2.3:a:clamav:clamav:0.97.1:::::::*	7
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::* cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:::::*	5
Os	Suse Linux Enterprise Server cpe:2.3:o:suse:linux_enterprise_server:11.0:sp1:::::: cpe:2.3:o:suse:linux_enterprise_server:11.0:sp2::::::	2

Information Assurance Vulnerability Management (IAVM)

Date	Description
2013-09-19	IAVM : 2013-A-0179 - Apple Mac OS X Security Update 2013-004 Severity : Category I - VMSKEY : V0040373

Nessus® Vulnerability Scanner

Date	Description
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-430.nasl - Type : ACT_GATHER_INFO
2014-05-19	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201405-08.nasl - Type : ACT_GATHER_INFO
2013-09-17	Name : The remote host is missing a security update for OS X Server. File : macosx_server_2_2_2.nasl - Type : ACT_GATHER_INFO
2013-09-13	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2013-004.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Fedora host is missing a security update. File : fedora_2013-10853.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Fedora host is missing a security update. File : fedora_2013-10953.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Fedora host is missing a security update. File : fedora_2013-10980.nasl - Type : ACT_GATHER_INFO
2013-06-21	Name : The remote SuSE 11 host is missing a security update. File : suse_11_clamav-130604.nasl - Type : ACT_GATHER_INFO
2013-06-21	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_clamav-8606.nasl - Type : ACT_GATHER_INFO
2013-05-16	Name : The remote Fedora host is missing a security update. File : fedora_2013-8047.nasl - Type : ACT_GATHER_INFO
2013-05-04	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1816-1.nasl - Type : ACT_GATHER_INFO
2013-05-03	Name : The antivirus service running on the remote host is affected by multiple vuln... File : clamav_0_97_8.nasl - Type : ACT_GATHER_INFO
2013-05-01	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-159.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html
http://secunia.com/advisories/53150
http://secunia.com/advisories/53182
http://support.apple.com/kb/HT5880
http://support.apple.com/kb/HT5892
http://www.mandriva.com/security/advisories?name=MDVSA-2013:159
http://www.openwall.com/lists/oss-security/2013/04/25/2
http://www.openwall.com/lists/oss-security/2013/04/29/20
http://www.securityfocus.com/bid/59434
http://www.ubuntu.com/usn/USN-1816-1
https://bugzilla.clamav.net/show_bug.cgi?id=7053
https://github.com/vrtadmin/clamav-devel/commit/24ff855c82d3f5c62bc5788a5776c...

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 12:34:33	Multiple Updates
2021-05-04 12:24:51	Multiple Updates
2021-04-22 01:29:46	Multiple Updates
2020-05-23 00:36:49	Multiple Updates
2016-04-26 23:03:58	Multiple Updates
2015-09-28 21:23:04	Multiple Updates
2014-12-12 09:22:32	Multiple Updates
2014-06-14 13:35:20	Multiple Updates
2014-05-20 13:23:16	Multiple Updates
2014-02-17 11:18:51	Multiple Updates
2013-11-25 13:20:47	Multiple Updates
2013-11-11 12:40:23	Multiple Updates
2013-09-20 13:20:11	Multiple Updates
2013-09-18 13:19:50	Multiple Updates
2013-08-22 17:19:57	Multiple Updates
2013-06-27 13:20:08	Multiple Updates
2013-05-16 17:03:18	Multiple Updates
2013-05-14 13:18:47	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	3
CPE ID(s)	14
Sources(s)	21
IAVM(s)	1
Nessus® Exploit(s)	13

	Related
5	USN-1816-1
5	MDVSA-2013:159
5	GLSA-201405-08
3.5	CVE-2014-2021
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 4 more Alert(s)

Copyright Security-Database 2006-2025 - Powered by themself ;) in 0.0402s

Facebook rss twitter linkedin mail