Home

Description

A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process.

PUBLISHED Reserved 2025-10-08 | Published 2026-03-04 | Updated 2026-03-05 | Assigner cisco




MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

Uncaught Exception

Product status

Default status
unknown

7.0.5
affected

6.2.19
affected

7.3.3
affected

7.2.13
affected

6.1.5
affected

6.3.1
affected

6.2.5
affected

7.3.5
affected

6.2.1
affected

7.2.7
affected

7.1.1
affected

6.3.5
affected

6.2.9
affected

7.3.1
affected

6.1.7
affected

7.2.11
affected

7.2.3
affected

7.1.5
affected

6.3.3
affected

7.3.9
affected

6.2.3
affected

6.1.9
affected

6.0.9
affected

7.2.5
affected

6.0.7
affected

6.3.7
affected

1.12.3
affected

1.8.0
affected

1.11.1
affected

1.12.4
affected

1.10.0
affected

1.12.0
affected

1.8.1
affected

1.10.1
affected

1.12.1
affected

1.12.6
affected

1.14.0
affected

1.10.2
affected

1.12.7
affected

1.12.2
affected

1.6.0
affected

1.9.0
affected

1.11.0
affected

1.7.0
affected

1.13.0
affected

1.8.4
affected

1.13.1
affected

1.9.1
affected

1.12.5
affected

1.13.2
affected

2.0.2
affected

1.1.0
affected

2.0.0
affected

2.0.1
affected

8.1.7.21512
affected

8.1.7
affected

8.1.5
affected

8.1.3.21242
affected

8.1.3
affected

8.1.5.21322
affected

8.1.7.21417
affected

2.1.0.14
affected

2.2.0
affected

2.3.0
affected

2.4.0
affected

2.5.0
affected

2.6.0
affected

2.7.0
affected

2.8.0
affected

2.9.0
affected

2.10.0
affected

2.10.1
affected

2.11.0
affected

1.14.1
affected

1.15.1
affected

1.15.2
affected

1.15.3
affected

1.15.4
affected

1.15.5
affected

1.15.6
affected

1.16.0
affected

1.16.1
affected

1.16.2
affected

1.16.3
affected

1.18.0
affected

1.18.1
affected

1.20.0
affected

1.21.0
affected

1.21.1
affected

1.21.2
affected

1.21.3
affected

1.22.0
affected

1.22.1
affected

1.22.2
affected

1.22.3
affected

1.22.4
affected

1.24.0
affected

1.24.1
affected

1.24.2
affected

1.24.3
affected

1.24.4
affected

1.26.0
affected

1.24.5
affected

1.26.1
affected

1.27.0
affected

1.15.0
affected

1.17.0
affected

1.17.1
affected

1.17.2
affected

1.19.0
affected

1.20.1
affected

1.20.2
affected

1.20.3
affected

1.20.4
affected

1.20.5
affected

1.20.6
affected

1.23.0
affected

1.23.1
affected

1.20.7
affected

1.20.8
affected

1.25.0
affected

1.25.1
affected

1.25.2
affected

1.27.1
affected

1.27.2
affected

7.3.13
affected

7.3.15
affected

7.4.1
affected

7.4.1.20425
affected

7.4.1.20439
affected

7.4.3
affected

7.4.3.20679
affected

7.4.5
affected

7.5.1.20813
affected

7.5.1.20833
affected

7.5.3
affected

7.5.5
affected

8.0.1.21160
affected

8.0.1.21164
affected

7.5.7
affected

7.5.9
affected

7.5.11
affected

8.1.7.21585
affected

7.5.13.21586
affected

7.5.13.21598
affected

8.2.1.21612
affected

8.2.1.21650
affected

7.5.15.21611
affected

7.5.17.21680
affected

8.2.3.30119
affected

8.2.4.30130
affected

8.4.0
affected

7.5.19
affected

8.4.1.30298
affected

8.4.2.30317
affected

8.4.1.30307
affected

7.5.20
affected

8.4.3
affected

8.4.4.30419
affected

8.4.4.30467
affected

7.5.21.21732
affected

8.4.5.30483
affected

References

sec.cloudapps.cisco.com/...visory/cisco-sa-clamav-css-Fn4QSZ (cisco-sa-clamav-css-Fn4QSZ)

cve.org (CVE-2026-20031)

nvd.nist.gov (CVE-2026-20031)

Download JSON