A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
The behavior of this function is undefined unless its control parameter is set to a specific value.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Clamav | Clamav | 1.3.0 (including) | 1.3.0 (including) |
| Clamav | Clamav | 1.3.0-rc (including) | 1.3.0-rc (including) |
| Clamav | Clamav | 1.3.0-rc2 (including) | 1.3.0-rc2 (including) |