Integer overflow in ClamAV - CVE-2026-20215
Published: July 1, 2026
ClamAV
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to an integer overflow in the 7z parser's substream count handling when parsing a malformed archive. A remote attacker can provide a specially crafted archive to execute arbitrary code.
The overflow can cause the parser to under-allocate its metadata arrays and then write past them while reading the archive.
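The bug class described above, as an added example that is not ClamAV's code: a total built from untrusted counts wraps, and a checked version rejects the input before anything is allocated. The 32-bit counter width, the per-folder summation, the `entry_meta` type, the `MAX_ENTRIES` cap and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-substream metadata record (not ClamAV's own type). */
typedef struct { uint64_t size; uint32_t crc; } entry_meta;

#define MAX_ENTRIES (1u << 20) /* assumed sanity cap, chosen for this example */

/* Unchecked pattern: the 32-bit total wraps silently (defined behaviour for
 * unsigned types), so an array sized from it is far smaller than the number
 * of records the per-folder loops will later write. */
uint32_t total_unchecked(const uint32_t *per_folder, size_t n) {
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += per_folder[i];
    return total;
}

/* Checked pattern: test before adding, and bound the total by a cap.
 * Returns 0 and stores the total in *out, or -1 if the archive must be rejected. */
int total_checked(const uint32_t *per_folder, size_t n, uint32_t *out) {
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (per_folder[i] > MAX_ENTRIES - total)
            return -1;
        total += per_folder[i];
    }
    *out = total;
    return 0;
}

/* Allocate only from a validated count; calloc also checks count * size. */
entry_meta *alloc_meta(const uint32_t *per_folder, size_t n, uint32_t *count) {
    if (total_checked(per_folder, n, count) != 0 || *count == 0)
        return NULL;
    return calloc(*count, sizeof(entry_meta));
}

int main(void) {
    /* Constructed sample counts whose true sum does not fit in 32 bits. */
    const uint32_t sample[] = { 0x80000000u, 0x80000001u };
    uint32_t count = 0;
    printf("unchecked total: %u\n", (unsigned)total_unchecked(sample, 2));
    printf("checked alloc:   %s\n", alloc_meta(sample, 2, &count) ? "ok" : "rejected");
    return 0;
}
```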