CVE-2026-20243
Received - Intake

Memory Corruption in ClamAV ALZ File Parser

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: Cisco Systems, Inc.

Description

A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in ALZ files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains ALZ content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.

Meta Information

Published: 2026-07-01
Last Modified: 2026-07-01
Generated: 2026-07-01
AI Q&A: 2026-07-01
EPSS Evaluated: N/A

Affected Vendors & Products

Vendor: clamav
Product: clamav
Version / Range: *

Exploitability

CWE ID: CWE-120
Description: The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Executive Summary

This vulnerability exists in the ALZ file format parser of ClamAV. It occurs because the software does not properly check boundaries when processing ALZ file content during scanning. This flaw can lead to an out-of-bounds buffer write, which means memory outside the intended area can be overwritten.

An unauthenticated, remote attacker can exploit this by submitting a specially crafted ALZ file to be scanned by ClamAV. A successful exploit can cause the ClamAV scanning process to crash or terminate unexpectedly.

Impact Analysis

The primary impact of this vulnerability is a Denial of Service (DoS) condition. When exploited, it can cause the ClamAV scanning process to terminate unexpectedly, potentially disrupting malware scanning and protection services.

There may also be other expanded impacts due to memory corruption, but these are not specifically detailed.
