CVSS 3.1 Score 7.5 of 10 (high)


Published Feb 7, 2024
Updated: Feb 15, 2024
CWE ID 125
CWE ID 126


CVE-2024-20290 is a vulnerability in the OLE2 file format parser of ClamAV that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability arises from an incorrect check for end-of-string values during scanning, potentially leading to a heap buffer over-read. To exploit this vulnerability, the attacker would need to submit a crafted file containing OLE2 content for scanning by ClamAV on the targeted device. A successful exploitation could result in the termination of the ClamAV scanning process, causing a DoS condition and consuming system resources. The affected products include several versions of ClamAV. An organization can remediate this vulnerability by applying the necessary security patches or updates provided by ClamAV. The potential danger posed to organizations is the disruption of services and resource exhaustion caused by the DoS attack, potentially leading to downtime and loss of productivity.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.


Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-20290 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions