CVE-2025-20128

MEDIUM

ClamAV - DoS

Title source: llm

Description

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

References (3)

Core 3

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html

Vendor Advisory

https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html

Third Party Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA

Scores

CVSS v3 5.3

EPSS 0.0158

EPSS Percentile 81.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-122

Status published

Products (5)

cisco/secure_endpoint < 1.24.4

cisco/secure_endpoint < 1.25.1

cisco/secure_endpoint < 7.5.20

cisco/secure_endpoint_private_cloud < 4.2.0

clamav/clamav 1.0.0 - 1.0.8

Published Jan 22, 2025

Tracked Since Feb 18, 2026