A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HClamav
APPClamav1.3.0
Related vulnerabilities
ClamAV: buffer overflow w skanowaniu PDF umożliwia DoS lub RCE
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerabilit...
ClamAV before 0.97.7 has buffer overflow in the libclamav component
ClamAV before 0.97.7 has WWPack corrupt heap memory
clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.