Input validation error in ClamAV - CVE-2026-20243
Published: July 1, 2026
ClamAV
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper size handling in the ALZ parser when parsing a malformed ALZ archive. A remote attacker can provide a specially crafted archive to cause a denial of service.
The issue may panic or abort the scanner, and it may also skip expected scan-limit handling.