Vulnerability Details : CVE-2013-6497
clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.
Vulnerability category: Denial of service
Products affected by CVE-2013-6497
- cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6497
11.77%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6497
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2013-6497
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6497
-
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00007.html
[security-announce] SUSE-SU-2014:1574-1: important: Security update for
-
http://www.ubuntu.com/usn/USN-2423-1
USN-2423-1: ClamAV vulnerabilities | Ubuntu security notices
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144754.html
[SECURITY] Fedora 20 Update: clamav-0.98.5-1.fc20
-
http://www.securityfocus.com/bid/71178
ClamAV CVE-2013-6497 Local Denial of Service Vulnerability
-
https://bugzilla.redhat.com/show_bug.cgi?id=1138101
1138101 – (CVE-2013-6497) CVE-2013-6497 ClamAV: -a segmentation fault when processing files
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/98804
ClamAV clamscan -a denial of service CVE-2013-6497 Vulnerability Report
-
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00003.html
[security-announce] openSUSE-SU-2014:1560-1: important: Security update
-
http://www.ubuntu.com/usn/USN-2488-2
USN-2488-2: ClamAV vulnerability | Ubuntu security notices
-
http://www.openwall.com/lists/oss-security/2014/11/19/5
oss-security - Re: Fwd: [Clamav-devel] ClamAV(R) blog: ClamAV 0.98.5 has been released!
-
http://www.mandriva.com/security/advisories?name=MDVSA-2014:217
mandriva.com
-
https://bugzilla.clamav.net/show_bug.cgi?id=11088
Bug 11088 – clamscan -a segmentation fault on valid JavaScript fileVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
[security-announce] SUSE-SU-2014:1571-1: important: Security update for
-
http://www.openwall.com/lists/oss-security/2014/11/19/2
oss-security - Fwd: [Clamav-devel] ClamAV(R) blog: ClamAV 0.98.5 has been released!
-
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144979.html
[SECURITY] Fedora 19 Update: clamav-0.98.5-1.fc19
-
http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html
ClamAV® blog: ClamAV 0.98.5 has been released!Patch;Vendor Advisory
Jump to