A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software. This issue affects version 1.3.0 only and does not affect prior versions. https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html
Created clamav tracking bugs for this issue: Affects: epel-all [bug 2276000] Affects: fedora-all [bug 2275999]