VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-beus-rm7h-3qga

Vulnerability ID	VCID-beus-rm7h-3qga
Aliases	CVE-2013-6497
Summary	clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.
Status	Published
Exploitability	0.5
Weighted Severity	1.9
Risk	0.9
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-17

System	Score	Found at
epss	0.00405	https://api.first.org/data/v1/epss?cve=CVE-2013-6497
epss	0.00405	https://api.first.org/data/v1/epss?cve=CVE-2013-6497
epss	0.00405	https://api.first.org/data/v1/epss?cve=CVE-2013-6497
epss	0.00405	https://api.first.org/data/v1/epss?cve=CVE-2013-6497
epss	0.00405	https://api.first.org/data/v1/epss?cve=CVE-2013-6497
epss	0.00405	https://api.first.org/data/v1/epss?cve=CVE-2013-6497
epss	0.00405	https://api.first.org/data/v1/epss?cve=CVE-2013-6497
epss	0.00405	https://api.first.org/data/v1/epss?cve=CVE-2013-6497
epss	0.00405	https://api.first.org/data/v1/epss?cve=CVE-2013-6497
cvssv2	2.1	https://nvd.nist.gov/vuln/detail/CVE-2013-6497

Reference id	Reference type	URL
		http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html
		http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144754.html
		http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144979.html
		http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00003.html
		http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
		http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00007.html
		https://api.first.org/data/v1/epss?cve=CVE-2013-6497
		https://bugzilla.clamav.net/show_bug.cgi?id=11088
		https://bugzilla.redhat.com/show_bug.cgi?id=1138101
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6497
		http://secunia.com/advisories/59645
		http://secunia.com/advisories/60150
		https://exchange.xforce.ibmcloud.com/vulnerabilities/98804
		http://www.mandriva.com/security/advisories?name=MDVSA-2014:217
		http://www.openwall.com/lists/oss-security/2014/11/19/2
		http://www.openwall.com/lists/oss-security/2014/11/19/5
		http://www.securityfocus.com/bid/71178
		http://www.ubuntu.com/usn/USN-2423-1
		http://www.ubuntu.com/usn/USN-2488-2
cpe:2.3:a:clamav:clamav::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav::::::::
CVE-2013-6497		https://nvd.nist.gov/vuln/detail/CVE-2013-6497
USN-2423-1		https://usn.ubuntu.com/2423-1/
USN-2488-2		https://usn.ubuntu.com/2488-2/

No exploits are available.

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-6497

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Exploit Prediction Scoring System (EPSS)

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T16:31:19.901662+00:00	Debian Oval Importer	Import	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.0.0