ALAS2023-2026-1630

A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process. (CVE-2026-20031)

aarch64:
    clamav1.4-debuginfo-1.4.4-1.amzn2023.0.1.aarch64
    clamav1.4-1.4.4-1.amzn2023.0.1.aarch64
    clamd1.4-debuginfo-1.4.4-1.amzn2023.0.1.aarch64
    clamav1.4-milter-debuginfo-1.4.4-1.amzn2023.0.1.aarch64
    clamav1.4-devel-1.4.4-1.amzn2023.0.1.aarch64
    clamav1.4-freshclam-debuginfo-1.4.4-1.amzn2023.0.1.aarch64
    clamav1.4-lib-debuginfo-1.4.4-1.amzn2023.0.1.aarch64
    clamd1.4-1.4.4-1.amzn2023.0.1.aarch64
    clamav1.4-milter-1.4.4-1.amzn2023.0.1.aarch64
    clamav1.4-freshclam-1.4.4-1.amzn2023.0.1.aarch64
    clamav1.4-lib-1.4.4-1.amzn2023.0.1.aarch64
    clamav1.4-debugsource-1.4.4-1.amzn2023.0.1.aarch64

noarch:
    clamav1.4-data-1.4.4-1.amzn2023.0.1.noarch
    clamav1.4-doc-1.4.4-1.amzn2023.0.1.noarch
    clamav1.4-filesystem-1.4.4-1.amzn2023.0.1.noarch

src:
    clamav1.4-1.4.4-1.amzn2023.0.1.src

x86_64:
    clamd1.4-1.4.4-1.amzn2023.0.1.x86_64
    clamd1.4-debuginfo-1.4.4-1.amzn2023.0.1.x86_64
    clamav1.4-debuginfo-1.4.4-1.amzn2023.0.1.x86_64
    clamav1.4-milter-1.4.4-1.amzn2023.0.1.x86_64
    clamav1.4-milter-debuginfo-1.4.4-1.amzn2023.0.1.x86_64
    clamav1.4-lib-debuginfo-1.4.4-1.amzn2023.0.1.x86_64
    clamav1.4-freshclam-debuginfo-1.4.4-1.amzn2023.0.1.x86_64
    clamav1.4-devel-1.4.4-1.amzn2023.0.1.x86_64
    clamav1.4-1.4.4-1.amzn2023.0.1.x86_64
    clamav1.4-freshclam-1.4.4-1.amzn2023.0.1.x86_64
    clamav1.4-lib-1.4.4-1.amzn2023.0.1.x86_64
    clamav1.4-debugsource-1.4.4-1.amzn2023.0.1.x86_64