vulnerability

FreeBSD: VID-ecafc4af-fe8a-11ee-890c-08002784c58d (CVE-2024-20380): clamav -- Possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Apr 19, 2024	Dec 10, 2025	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Apr 19, 2024

Added

Dec 10, 2025

Modified

Dec 10, 2025

Description

Błażej Pawłowski reports: A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.

Solution

freebsd-upgrade-package-clamav

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today