Buffer Overflow Affecting clamav-docs-html package, versions <1.5.3-160000.1.1


Severity

Recommended
0.0
high
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.46% (37th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SLES1600-CLAMAVDOCSHTML-17977799
  • published15 Jul 2026
  • disclosed7 Jul 2026

Introduced: 7 Jul 2026

NewCVE-2026-20213  (opens in a new tab)
CWE-120  (opens in a new tab)

How to fix?

Upgrade SLES:16.0.0 clamav-docs-html to version 1.5.3-160000.1.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream clamav-docs-html package and not the clamav-docs-html package as distributed by SLES. See How to fix? for SLES:16.0.0 relevant fixed versions and status.

A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.

This vulnerability is due to improper boundary checks for content in PE files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PE content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.

CVSS Base Scores

version 3.1