Buffer Overflow Affecting clamav package, versions <1.5.3-160000.1.1


Severity

Recommended
0.0
high
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.39% (31st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SLES1600-CLAMAV-17978074
  • published15 Jul 2026
  • disclosed7 Jul 2026

Introduced: 7 Jul 2026

NewCVE-2026-20244  (opens in a new tab)
CWE-120  (opens in a new tab)

How to fix?

Upgrade SLES:16.0.0 clamav to version 1.5.3-160000.1.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream clamav package and not the clamav package as distributed by SLES. See How to fix? for SLES:16.0.0 relevant fixed versions and status.

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.

This vulnerability is due to improper boundary checks for content in DMG files during scanning, which may result in an integer overflow on 32-bit platforms only. An attacker could exploit this vulnerability by submitting a crafted file that contains DMG content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.

CVSS Base Scores

version 3.1