Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-1404
CVE-2021-1404:
Clam AntiVirus vulnerability analysis and mitigation
Overview
A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated attacker to cause a buffer over-read condition, potentially resulting in a crash. The vulnerability was discovered and disclosed in April 2021, identified as CVE-2021-1404 (NVD, ClamAV Blog).
Technical details
The vulnerability exists in the PDF parsing functionality of ClamAV versions 0.103.0 and 0.103.1. When processing PDF documents, the parser could trigger a buffer over-read condition, which could lead to a crash of the application (ClamAV Blog).
Impact
If successfully exploited, this vulnerability could allow an unauthenticated remote attacker to cause a denial of service condition by causing the ClamAV service to crash when scanning specially crafted PDF files (Ubuntu Security).
Mitigation and workarounds
The vulnerability has been fixed in ClamAV version 0.103.2. Users are advised to upgrade to this version or later to address the security issue. The fix includes patches for the PDF parser buffer over-read condition (ClamAV Blog).
Additional resources
Source: This report was generated using AI
Related Clam AntiVirus vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management