CVE-2026-20214
Status: Received - Intake

DoS via Memory Corruption in ClamAV FSG Parser

Vulnerability report for CVE-2026-20214, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: Cisco Systems, Inc.

Description

A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in FSG files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains portable executable content compressed with FSG to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.


Meta Information

Published
2026-07-01
Last Modified
2026-07-01
Generated
2026-07-01
AI Q&A
2026-07-01
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
clamav clamav *

Helpful Resources

Exploitability

CWE
CWE-120: The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

Executive Summary

This vulnerability exists in the FSG file format parser of ClamAV. It occurs because the software does not properly check boundaries when processing content in FSG files during scanning. This flaw can lead to an out-of-bounds buffer write, that is, memory corruption.

An attacker who is not authenticated and is remote can exploit this by submitting a specially crafted file containing portable executable content compressed with FSG to be scanned by ClamAV. Successfully exploiting this vulnerability can cause the ClamAV scanning process to crash or terminate unexpectedly.

Impact Analysis

The primary impact of this vulnerability is a Denial of Service (DoS) condition. An attacker can cause the ClamAV scanning process to terminate unexpectedly, which may disrupt the antivirus scanning functionality on the affected device.

Because the vulnerability involves memory corruption, there is also a possibility of other expanded impacts beyond DoS, although these are not explicitly detailed.


EPSS Chart