PT-2020-17246 · Clam Antivirus+4 · Clamav+4

Published

2020-05-12

·

Updated

2026-02-06

·

CVE-2020-3341

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Clam AntiVirus (ClamAV) Software versions 0.101 through 0.102.2
Description A vulnerability in the PDF archive parsing module could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The issue is due to a stack buffer overflow read. An attacker could exploit this by sending a crafted PDF file to an affected device, potentially causing the ClamAV scanning process to crash.
Recommendations For Clam AntiVirus (ClamAV) Software versions 0.101 through 0.102.2, update to a version that fixes the stack buffer overflow read issue in the PDF archive parsing module to prevent denial of service conditions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2020-2018
ALT-PU-2020-2028
CLEANSTART-2026-LA13761
CLEANSTART-2026-NJ87139
CLEANSTART-2026-TC95380
CLEANSTART-2026-WX01708
CVE-2020-3341
DLA-2215-1
MGASA-2020-0226
OPENSUSE-SU-2020:2268-1
OPENSUSE-SU-2020:2276-1
OPENSUSE-SU-2020_2268-1
OPENSUSE-SU-2020_2276-1
OPENSUSE-SU-2024:10685-1
SUSE-SU-2020:3729-1
SUSE-SU-2020:3790-1
SUSE-SU-2020:3918-1
SUSE-SU-2021:14592-1
USN-4370-1
USN-4370-2

Affected Products

Alt Linux
Clamav
Linuxmint
Suse
Ubuntu