Stefanos Stamatis

**Name of the Vulnerable Software and Affected Versions** ClamAV versions prior to 0.91.2 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash. This can be achieved through a crafted RTF file, which triggers a NULL dereference in the `cli scanrtf` function, or a crafted HTML document with a `data:` URI, triggering a NULL dereference in the `cli html normalise` function. **Recommendations** For ClamAV versions prior to 0.91.2, update to version 0.91.2 or later to resolve the issue. As a temporary workaround, consider restricting the processing of RTF files and HTML documents with `data:` URIs to minimize the risk of exploitation.