CVE-2025-20234

EUVD-2025-27685 | MEDIUM | 5.3 (CVSS 3.1)
2025-06-18 [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low

Lifecycle Timeline

Patch Released: Mar 31, 2026 - 21:13 (nvd), Patch available
EUVD ID Assigned: Mar 14, 2026 - 22:49 (euvd), EUVD-2025-27685
Analysis Generated: Mar 14, 2026 - 22:49 (vuln.today)
CVE Published: Jun 18, 2025 - 17:15 (nvd), MEDIUM 5.3

Description

A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the .

Technical Context

An out-of-bounds memory access occurs when code reads from or writes to memory locations outside the intended buffer boundaries. This vulnerability is classified as Out-of-bounds Read (CWE-125).

Affected Products

Affected products: ClamAV, Cisco Secure Endpoint

Remediation

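For deployments, update ClamAV to a fixed release; the Vendor Status tables below list the fixed package versions (upstream fix: 1.4.3). For developers, the general mitigation for this bug class is to implement proper bounds checking on all array and buffer accesses, and to use memory-safe languages or static analysis tools to detect out-of-bounds (OOB) issues.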

Priority Score

Score: 27 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.3
CVSS: +26
POC: 0

Vendor Status

Ubuntu

Priority: Medium
Package: clamav

Release    Status        Version
jammy      released      1.4.3+dfsg-0ubuntu0.22.04.1
noble      released      1.4.3+dfsg-0ubuntu0.24.04.1
oracular   released      1.4.3+dfsg-0ubuntu0.24.10.1
plucky     released      1.4.3+dfsg-0ubuntu0.25.04.1
upstream   released      1.4.3
focal      released      1.4.3+dfsg-0ubuntu0.20.04.1+esm1
bionic     not-affected  code not present
trusty     not-affected  code not present
xenial     not-affected  code not present

Debian

Bug #1108045
Package: clamav

Release              Status        Fixed Version         Urgency
bullseye             not-affected  -                     -
bullseye (security)  fixed         1.4.3+dfsg-1~deb11u1  -
bookworm             not-affected  -                     -
trixie               fixed         1.4.3+dfsg-1          -
forky, sid           fixed         1.4.3+dfsg-2          -
(unstable)           fixed         1.4.3+dfsg-1          -
