ALAS2023-2026-1631

A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process. (CVE-2026-20031)

aarch64:
    clamd1.5-debuginfo-1.5.2-1.amzn2023.0.1.aarch64
    clamav1.5-devel-1.5.2-1.amzn2023.0.1.aarch64
    clamav1.5-debuginfo-1.5.2-1.amzn2023.0.1.aarch64
    clamav1.5-milter-debuginfo-1.5.2-1.amzn2023.0.1.aarch64
    clamav1.5-lib-debuginfo-1.5.2-1.amzn2023.0.1.aarch64
    clamav1.5-freshclam-debuginfo-1.5.2-1.amzn2023.0.1.aarch64
    clamd1.5-1.5.2-1.amzn2023.0.1.aarch64
    clamav1.5-1.5.2-1.amzn2023.0.1.aarch64
    clamav1.5-milter-1.5.2-1.amzn2023.0.1.aarch64
    clamav1.5-freshclam-1.5.2-1.amzn2023.0.1.aarch64
    clamav1.5-lib-1.5.2-1.amzn2023.0.1.aarch64
    clamav1.5-debugsource-1.5.2-1.amzn2023.0.1.aarch64

noarch:
    clamav1.5-data-1.5.2-1.amzn2023.0.1.noarch
    clamav1.5-filesystem-1.5.2-1.amzn2023.0.1.noarch
    clamav1.5-doc-1.5.2-1.amzn2023.0.1.noarch

src:
    clamav1.5-1.5.2-1.amzn2023.0.1.src

x86_64:
    clamav1.5-debuginfo-1.5.2-1.amzn2023.0.1.x86_64
    clamd1.5-1.5.2-1.amzn2023.0.1.x86_64
    clamav1.5-freshclam-debuginfo-1.5.2-1.amzn2023.0.1.x86_64
    clamd1.5-debuginfo-1.5.2-1.amzn2023.0.1.x86_64
    clamav1.5-1.5.2-1.amzn2023.0.1.x86_64
    clamav1.5-devel-1.5.2-1.amzn2023.0.1.x86_64
    clamav1.5-milter-debuginfo-1.5.2-1.amzn2023.0.1.x86_64
    clamav1.5-lib-debuginfo-1.5.2-1.amzn2023.0.1.x86_64
    clamav1.5-milter-1.5.2-1.amzn2023.0.1.x86_64
    clamav1.5-freshclam-1.5.2-1.amzn2023.0.1.x86_64
    clamav1.5-lib-1.5.2-1.amzn2023.0.1.x86_64
    clamav1.5-debugsource-1.5.2-1.amzn2023.0.1.x86_64