CVE-2021-1252: 
Clam AntiVirus vulnerability analysis and mitigation

A vulnerability was discovered in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1. The vulnerability (CVE-2021-1252) was disclosed on April 8, 2021, and is due to improper error handling that may result in an infinite loop. This vulnerability affects the Excel document parsing functionality in ClamAV (NVD, ClamAV Blog).

The vulnerability is characterized by improper error handling in the Excel XLM macro parsing module, which can result in an infinite loop condition. The severity of this vulnerability is rated as HIGH with a CVSS v3.1 Base Score of 7.5 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The vulnerability is classified under CWE-835 (Loop with Unreachable Exit Condition) and CWE-20 (Improper Input Validation) (NVD).

An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. A successful exploit could cause the ClamAV scanning process to hang, resulting in a denial of service condition. This could potentially disrupt antivirus scanning capabilities on affected systems (NVD).

The vulnerability was patched in ClamAV version 0.103.2. Users are advised to update their ClamAV installations to this version or later. The fix was released on April 7, 2021, as part of a security patch release that addressed multiple vulnerabilities (ClamAV Blog).