CVE-2013-2020

Name of the Vulnerable Software and Affected Versions ClamAV versions prior to 0.97.8

Description The issue is related to an integer underflow in the cli scanpe function, which can be triggered by a skewed offset larger than the size of the PE section in a UPX packed executable. This can cause a denial of service, resulting in a crash due to an out-of-bounds read.

Recommendations For versions prior to 0.97.8, update to version 0.97.8 or later to resolve the issue. As a temporary workaround, consider restricting the scanning of UPX packed executables until the update is applied.