{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T05:20:53.220","vulnerabilities":[{"cve":{"id":"CVE-2021-1404","sourceIdentifier":"psirt@cisco.com","published":"2021-04-08T05:15:13.267","lastModified":"2024-11-21T05:44:16.710","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition."},{"lang":"es","value":"Una vulnerabilidad en el módulo de análisis de PDF en el Software Clam AntiVirus (ClamAV) versiones 0.103.0 y 0.103.1, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio en un dispositivo afectado. La vulnerabilidad es debido a un seguimiento inapropiado del tamaño del búfer que puede resultar en una lectura excesiva del búfer de la pila. Un atacante podría explotar esta vulnerabilidad mediante el envío de un archivo PDF diseñado a un dispositivo afectado. Una explotación podría permitir al atacante causar que el proceso de escaneo de ClamAV se bloquee, resultando en una condición de denegación de servicio"}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:clamav:clamav:0.103.0:*:*:*:*:*:*:*","matchCriteriaId":"C776BACB-EE82-4BE9-86C9-C20732E42E7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:clamav:clamav:0.103.1:*:*:*:*:*:*:*","matchCriteriaId":"D1E389C4-E99E-464E-9466-02204167FEB4"}]}]}],"references":[{"url":"https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html","source":"psirt@cisco.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}}]}