DoS Vulnerability in ClamAV DMG Parser
CVE-2026-20244
7.5 HIGH
What is CVE-2026-20244?
A vulnerability in the DMG file format parser of ClamAV could be exploited by an unauthenticated remote attacker. It stems from inadequate boundary checks on DMG file content during scanning. On affected systems, particularly 32-bit platforms, this can lead to an integer overflow when an attacker submits a maliciously crafted DMG file to the scanning mechanism. As a result, the ClamAV scanning process may terminate unexpectedly, creating a Denial of Service condition on the affected system and potentially leading to further ramifications.
Affected Version(s)
Cisco Secure Endpoint 7.0.5
Cisco Secure Endpoint 6.2.19
Cisco Secure Endpoint 7.3.3