CVE-2022-20803

Name of the Vulnerable Software and Affected Versions Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2

Description The issue is related to the OLE2 file parser in Clam AntiVirus, which is vulnerable due to incorrect use of the realloc function, potentially resulting in a double-free. This could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device by submitting a crafted OLE2 file to be scanned by ClamAV. The vulnerability may also allow an attacker to execute arbitrary code by sending a specially crafted file, potentially leading to a crash of the ClamAV scanning process.

Recommendations For Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2, update to a version that fixes the incorrect use of the realloc function to prevent potential double-free vulnerabilities. As a temporary workaround, consider restricting the submission of OLE2 files to be scanned by ClamAV until a patch is available.