ClamAV · ClamAV · CVE-2022-20796
**Name of the Vulnerable Software and Affected Versions**
ClamAV versions 0.103.5 and earlier
ClamAV versions 0.104.2 and earlier
**Description**
A vulnerability in Clam AntiVirus (ClamAV) could allow an authenticated, local attacker to cause a denial of service condition on an affected device. The issue stems from a NULL pointer dereference when checking the scan verdict cache. Exploitation of the vulnerability may allow a remote attacker to send specially crafted data to the application and perform a denial of service (DoS) attack.
**Recommendations**
For ClamAV versions 0.103.5 and earlier, update to a version later than 0.103.5 to resolve the issue.
For ClamAV versions 0.104.2 and earlier, update to a version later than 0.104.2 to resolve the issue.
As a temporary workaround, consider restricting access to the ClamAV scanning library to minimize the risk of exploitation.
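
To find hosts that still need the update, the following added example (not part of the original advisory) classifies a ClamAV version against the ranges listed above and, if `clamscan` is installed, checks the local copy. The function names are hypothetical, and the script assumes each "and earlier" line applies to its own release branch (0.103.x, 0.104.x), as the Recommendations imply.

```shell
#!/bin/sh
# Added example: classify a ClamAV version against the ranges on this page.
# Assumption: each "X and earlier" line applies to its own release branch,
# so 0.103.6+ and 0.104.3+ count as updated, as the Recommendations imply.

# Pull "MAJOR.MINOR.PATCH" out of a banner like "ClamAV 0.103.5/26500/<date>".
clamav_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^ClamAV \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print "affected", "not-affected" or "unknown" for a version string.
cve_2022_20796_status() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver            # split on dots into $1 $2 $3
    IFS=$old_ifs
    if [ $# -ne 3 ]; then echo unknown; return 0; fi
    major=$1; minor=$2; patch=$3

    if [ "$major" -gt 0 ] || [ "$minor" -gt 104 ]; then
        echo not-affected                      # later than 0.104.2
    elif [ "$minor" -eq 104 ] && [ "$patch" -gt 2 ]; then
        echo not-affected                      # 0.104.3 and later
    elif [ "$minor" -eq 103 ] && [ "$patch" -gt 5 ]; then
        echo not-affected                      # 0.103.6 and later
    else
        echo affected                          # 0.103.5/0.104.2 and earlier
    fi
}

# Check the locally installed scanner, if there is one.
if command -v clamscan >/dev/null 2>&1; then
    installed=$(clamav_version_from_banner "$(clamscan --version 2>/dev/null)")
    echo "clamscan ${installed:-?}: $(cve_2022_20796_status "$installed")"
fi
```

A result of `unknown` means the banner could not be parsed and the host should be checked by hand.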