ClamAV · CVE-2022-20785
**Name of the Vulnerable Software and Affected Versions**
ClamAV versions 0.103.5 and earlier
ClamAV versions 0.104.0 through 0.104.2
**Description**
A vulnerability in the HTML file parser of Clam AntiVirus could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The parser leaks memory when parsing HTML files: sending a specially crafted HTML file to the antivirus software triggers the leak, which leads to denial of service.
**Recommendations**
For ClamAV versions 0.103.5 and earlier, update to a version later than 0.103.5.
For ClamAV versions 0.104.0 through 0.104.2, update to a version later than 0.104.2.
As a temporary workaround, consider restricting the parsing of HTML files until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
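The following added example (not part of the original advisory or of the ClamAV project) checks a host against the affected ranges listed above and reports whether HTML parsing is still enabled. It assumes the `ClamAV x.y.z/...` banner printed by `clamscan --version`, and it assumes the workaround maps to the `ScanHTML` option in `clamd.conf`, which defaults to yes when unset; the sample banner and config are constructed.

```python
import re

# Affected ranges exactly as listed in the advisory (inclusive bounds).
AFFECTED = [((0, 0, 0), (0, 103, 5)), ((0, 104, 0), (0, 104, 2))]

def parse_version(banner):
    """Extract (major, minor, patch) from `clamscan --version` style output."""
    m = re.search(r"ClamAV (\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("unrecognised version banner: %r" % banner)
    return tuple(int(part) for part in m.groups())

def is_affected(version):
    """True if the version tuple falls inside one of the advisory's ranges."""
    return any(low <= version <= high for low, high in AFFECTED)

def html_scanning_enabled(conf_text):
    """Effective ScanHTML value from clamd.conf text (assumed default: yes)."""
    enabled = True
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenise
        if len(fields) == 2 and fields[0] == "ScanHTML":
            # Assumption: if the option is repeated, the last line is used here.
            enabled = fields[1].lower() not in ("no", "false", "0")
    return enabled

def assess(banner, conf_text):
    """Combine the version check with the workaround check."""
    if not is_affected(parse_version(banner)):
        return "not in affected range"
    if html_scanning_enabled(conf_text):
        return "affected, HTML parsing enabled"
    return "affected, HTML parsing restricted (workaround)"

# Constructed sample inputs, for illustration only.
SAMPLE_BANNER = "ClamAV 0.104.2/26500/Tue Apr  5 10:00:00 2022"
SAMPLE_CONF = """\
# clamd.conf excerpt (constructed)
LogFile /var/log/clamav/clamd.log
ScanHTML no
"""

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONF))
```

The `ScanHTML` setting applies to `clamd`; one-off `clamscan` runs take the equivalent `--scan-html=no` switch on the command line.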