{"id":"CVE-2026-20216","details":"A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.","modified":"2026-07-15T18:29:34.382744378Z","published":"2026-07-01T17:16:29.973Z","related":["SUSE-SU-2026:22574-1","SUSE-SU-2026:2833-1","SUSE-SU-2026:2834-1","SUSE-SU-2026:2835-1","openSUSE-SU-2026:11182-1","openSUSE-SU-2026:21252-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_RANGE","vendor_product":"cisco:secure_endpoint","cpes":["cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*","cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*","cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*"],"extracted_events":[{"fixed":"1.27.2"},{"fixed":"1.29.0"},{"fixed":"8.6.2"}]}]},"references":[{"type":"ADVISORY","url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cisco-talos/clamav","events":[{"introduced":"0"},{"fixed":"e8b337754d18b6bc46d565e7b6d82843debb4793"},{"introduced":"83fd7f14fb8098826108be124219400ff08f44f7"},{"fixed":"b970812e9b6427e361c362762d94f7356597efe4"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.4.5"},{"introduced":"1.5.0"},{"fixed":"1.5.3"}]}}],"versions":["clamav-1.4.4","clamav-1.5.2","clamav-1.5.1","clamav-1.4.3","clamav-1.5.0","clamav-1.4.2","clamav-1.4.1","clamav-1.4.0","clamav-1.4.0-rc","clamav-1.3.0","clamav-1.3.0-rc2","clamav-1.3.0-rc","clamav-1.2.0","clamav-1.2.0-rc","clamav-1.1.0","clamav-1.1.0-rc","clamav-1.0.0","clamav-1.0.0-rc2","clamav-1.0.0-rc","clamav-0.105.0","clamav-0.105.0-rc2","clamav-0.105.0-rc","clamav-0.103.0","clamav-0.103.0-rc2","clamav-0.103.0-rc","clamav-0.102.0","clamav-0.101.0","clamav-0.97","clamav-0.97rc","clamav-0.96.5","clamav-0.96.4","clamav-0.96.3","clamav-0.96.2","clamav-0.96","clamav-0.96rc2","clamav-0.96rc1","merge-llvm-97877","r5076"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-20216.json","vanir_signatures_modified":"2026-07-15T07:30:13Z","vanir_signatures":[{"target":{"file":"libclamav/bytecode_api.h"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["292730809324198135824456427123530982316","48909975112402718040840392598089442483","244709564196882964306236474155638759448","70870381860622873231048469217867683607","48280512302990451540812787021173843633","84063886632477573345883041956578632475","306992310433978823207970714918426559768"]},"id":"CVE-2026-20216-42df490f","signature_type":"Line","signature_version":"v1","source":"https://github.com/cisco-talos/clamav/commit/b970812e9b6427e361c362762d94f7356597efe4"},{"source":"https://github.com/cisco-talos/clamav/commit/e8b337754d18b6bc46d565e7b6d82843debb4793","target":{"file":"libclamav/bytecode_api.h"},"deprecated":false,"digest":{"line_hashes":["25980081304948595529773044318868766445","139490683882163062933958223590198381964","30447695047841737820267435943470810888","167323549575839547577856716504685264826"],"threshold":0.9},"id":"CVE-2026-20216-ad39e5e0","signature_type":"Line","signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}