CVE-2025-20128

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.
For a description of this vulnerability, see the .
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
ciscoCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Debian logo
Debian Releases
Debian Product
Codename
clamav
bullseye
postponed
bookworm
no-dsa
bullseye (security)
vulnerable
sid
1.4.2+dfsg-1
fixed
trixie
1.4.2+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
clamav
oracular
Fixed 1.4.2+dfsg-0ubuntu0.24.10.1
released
noble
Fixed 1.0.8+dfsg-0ubuntu0.24.04.1
released
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
Common Weakness Enumeration
References
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA