Buffer Overflow Affecting clamav-daemon package, versions <1.5.3-r0


Severity

Recommended
0.0
high
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.39% (31st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-MINIMOSLATEST-CLAMAVDAEMON-17941211
  • published11 Jul 2026
  • disclosed1 Jul 2026

Introduced: 1 Jul 2026

NewCVE-2026-20243  (opens in a new tab)
CWE-120  (opens in a new tab)

How to fix?

Upgrade Minimos:latest clamav-daemon to version 1.5.3-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream clamav-daemon package and not the clamav-daemon package as distributed by Minimos. See How to fix? for Minimos:latest relevant fixed versions and status.

A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.

This vulnerability is due to improper boundary checks for content in ALZ files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains ALZ content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.

CVSS Base Scores

version 3.1