ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Clamav
Debian Linux
NVD
CVSS 3.0
3.3
EPSS
1.6%