CVE-2026-20217

DoS via Memory Corruption in ClamAV PESpin Parser

Vulnerability report for CVE-2026-20217, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: Cisco Systems, Inc.

Description

A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PESpin files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PESpin content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.



Affected Vendors & Products

One associated CPE:

Vendor:          clamav
Product:         clamav
Version / Range: * (all versions; no affected-version range is given on this page)

Exploitability

CWE-120: The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Executive Summary

This vulnerability exists in the PESpin file format parser of ClamAV. It occurs because the parser does not properly check boundaries when processing PESpin content, which can lead to data being written outside the intended memory region (an out-of-bounds buffer write).

An attacker can exploit this by submitting a specially crafted PESpin file to be scanned by ClamAV. This can cause the scanning process to crash or terminate unexpectedly.

Impact Analysis

Exploiting this vulnerability can cause a denial-of-service (DoS) condition by terminating the ClamAV scanning process. This means that the antivirus software may stop functioning properly, potentially leaving the system unprotected against malware.

There may also be other expanded impacts due to memory corruption, but the primary known impact is the DoS condition.
