CVE-2013-2020

Description

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

How to fix CVE-2013-2020

To remediate CVE-2013-2020, upgrade the affected package to a fixed version below.

• Debian/clamav—upgrade to 0.97.8+dfsg-1 or later

Is CVE-2013-2020 being exploited?

Moderate — EPSS is 7.7%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 0.97.8+dfsg-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-2020