Clamav · Clamav · CVE-2024-20328
**Name of the Vulnerable Software and Affected Versions**
ClamAV (affected versions not specified)
**Description**
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.