Unrated severityNVD Advisory· Published Mar 4, 2026· Updated Mar 5, 2026
ClamAV CSS Image Parsing Error Handling Denial of Service Vulnerability
CVE-2026-20031
Description
A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14- osv-coords12 versionspkg:apk/chainguard/clamav-1.4pkg:apk/chainguard/clamav-1.5pkg:apk/wolfi/clamav-1.4pkg:apk/wolfi/clamav-1.5pkg:rpm/opensuse/clamav&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/clamav&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/clamav&distro=openSUSE%20Tumbleweedpkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 0+ 11 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.5.2-150600.18.25.1
- (no CPE)range: < 1.5.2-160000.1.1
- (no CPE)range: < 1.5.2-1.1
- (no CPE)range: < 1.5.2-150600.18.25.1
- (no CPE)range: < 1.5.2-3.53.1
- (no CPE)range: < 1.5.2-150600.18.25.1
- (no CPE)range: < 1.5.2-150600.18.25.1
- (no CPE)range: < 1.5.2-3.53.1
- Cisco/Cisco Secure Endpointv5Range: 7.0.5
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.