CVE-2023-20197
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-20197 is a vulnerability in the filesystem image parser of ClamAV, specifically in its handling of Hierarchical File System Plus (HFS+) images. The issue arises from an inadequate completion check during file decompression, which can leave the parser in a loop that never terminates. An attacker can exploit this flaw by submitting a specially crafted HFS+ filesystem image to ClamAV, causing the scanning process to enter an infinite loop and leading to a Denial of Service (DoS) condition on the affected device: the ClamAV software becomes unresponsive while continuing to consume system resources. For further details, please refer to the ClamAV blog on this matter.
Affected Products
- Cisco Secure Endpoint
- Fedora Operating System
Affected Vendors
- Fedora Project
- Cisco Systems Inc