Cyber Resilience

CVE-2024-20505

Medium

Published: 04 September 2024

Modified: 03 November 2025
KEV Added
Patch
CVSS Score v3.1: 4.0 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS Score: 0.0089 (76.0th percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-20505 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in ClamAV. Its CVSS base score is 4.0 (Medium).

Operationally, it ranks in the top 24.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

clamav
clamav
1.4.0 · ≤ 0.103.12 · 0.104.0 — 1.0.7 · 1.2.0 — 1.3.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References