Skip to main content

Clamav CVE-2025-20260

| EUVDEUVD-2025-18658 CRITICAL
Heap-based Buffer Overflow (CWE-122)
2025-06-18 psirt@cisco.com
Critical
Disputed · 9.8 NVD
Share

Severity by source

Sources disagree (Medium–Critical)
NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM
qualitative
SUSE
CRITICAL
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 14, 2026 - 22:49 euvd
EUVD-2025-18658
Analysis Generated
Mar 14, 2026 - 22:49 vuln.today
CVE Published
Jun 18, 2025 - 18:15 nvd
CRITICAL 9.8

DescriptionCVE.org

A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device.

This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.

AnalysisAI

A remote code execution vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

Technical ContextAI

CWE-122 (Heap-based Buffer Overflow). CVSS 9.8 indicates critical severity with likely remote exploitation vector. Affects the PDF scanning processes of ClamAV could allow an unauthenticated.

RemediationAI

Monitor vendor channels for patch availability. Consider network segmentation to limit exposure if patching is delayed.

More in Clamav

View all
CVE-2012-1459 MEDIUM
4.3 Mar 21

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7,

CVE-2012-1457 MEDIUM
4.3 Mar 21

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast!. Rated medium severity (CVSS 4.3), t

CVE-2012-1443 MEDIUM
4.3 Mar 21

The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVir

CVE-2014-9050 MEDIUM POC
5.0 Dec 01

Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers

CVE-2014-9328 HIGH
7.5 Feb 03

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "h

CVE-2023-20032 CRITICAL
9.8 Mar 01

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ p

CVE-2016-1372 MEDIUM POC
5.5 Oct 03

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a

CVE-2016-1371 MEDIUM POC
5.5 Oct 03

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a

CVE-2019-1798 MEDIUM POC
5.5 Apr 08

A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions

CVE-2019-1788 MEDIUM POC
5.5 Apr 08

A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software

CVE-2019-1787 MEDIUM POC
5.5 Apr 08

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software version

CVE-2015-1462 HIGH
7.5 Feb 03

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "hea

Vendor StatusVendor

Ubuntu

Priority: Medium
clamav
Release Status Version
jammy released 1.4.3+dfsg-0ubuntu0.22.04.1
noble released 1.4.3+dfsg-0ubuntu0.24.04.1
oracular released 1.4.3+dfsg-0ubuntu0.24.10.1
plucky released 1.4.3+dfsg-0ubuntu0.25.04.1
upstream released 1.4.3
focal released 1.4.3+dfsg-0ubuntu0.20.04.1+esm1
bionic needed -
trusty needed -
xenial needed -
questing released 1.4.3+dfsg-0ubuntu1

Debian

Bug #1108046
clamav
Release Status Fixed Version Urgency
bullseye fixed 1.0.9+dfsg-1~deb11u1 -
bullseye (security) fixed 1.4.3+dfsg-1~deb11u1 -
bookworm fixed 1.0.9+dfsg-1~deb12u1 -
trixie fixed 1.4.3+dfsg-1 -
forky, sid fixed 1.4.3+dfsg-2 -
(unstable) fixed 1.4.3+dfsg-1 -

SUSE

Severity: Critical
Product Status
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production Affected
SUSE Enterprise Storage 7.1 Fixed
SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise High Performance Computing 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6 Fixed
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS Fixed

Share

CVE-2025-20260 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy