Allocation of Resources Without Limits or Throttling in ClamAV - CVE-2026-20216
Published: July 1, 2026
ClamAV
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper enforcement of extraction limits in InstallShield archive handling when scanning a crafted InstallShield archive. A remote attacker can provide a specially crafted archive to cause a denial of service.
The issue can exhaust temporary storage by writing far more temporary data than intended.