CVE-2013-2021

Description

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.

How to fix CVE-2013-2021

To remediate CVE-2013-2021, upgrade the affected package to a fixed version below.

• Debian/clamav—upgrade to 0.97.8+dfsg-1 or later

Is CVE-2013-2021 being exploited?

Moderate — EPSS is 8.7%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 0.97.8+dfsg-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2013-2021