{"id":"CVE-2025-20128","details":"A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the .\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.","modified":"2026-03-19T04:40:55.695908Z","published":"2025-01-22T17:15:12.583Z","related":["CGA-qg32-9x9x-8xjj","MGASA-2025-0031","SUSE-SU-2025:0325-1","SUSE-SU-2025:0327-1","SUSE-SU-2025:0328-1","openSUSE-SU-2025:14683-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html"},{"type":"ADVISORY","url":"https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html"},{"type":"ADVISORY","url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cisco-talos/clamav","events":[{"introduced":"09f373f82ad0978e267cc9b795aa93d7f8e8b7d2"},{"fixed":"9a2c6425ad4c5a2a38bf641c8e4631243805dcd1"},{"introduced":"2a21451e1f3585ac99cd15c3c06371fa478dfad1"},{"fixed":"98882f5f019ded3b96bacc17a9d1d65fb96dd686"}],"database_specific":{"versions":[{"introduced":"1.0.0"},{"fixed":"1.0.8"},{"introduced":"1.1.0"},{"fixed":"1.4.2"}]}}],"versions":["clamav-1.0.0","clamav-1.0.1","clamav-1.0.2","clamav-1.0.3","clamav-1.0.4","clamav-1.0.5","clamav-1.0.6","clamav-1.0.7","clamav-1.1.0","clamav-1.1.0-rc","clamav-1.2.0","clamav-1.2.0-rc","clamav-1.3.0","clamav-1.3.0-rc","clamav-1.3.0-rc2","clamav-1.4.0","clamav-1.4.0-rc","clamav-1.4.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-20128.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.24.4"}]},{"events":[{"introduced":"0"},{"fixed":"1.25.1"}]},{"events":[{"introduced":"0"},{"fixed":"7.5.20"}]},{"events":[{"introduced":"8.0.1.21160"},{"fixed":"8.4.3"}]},{"events":[{"introduced":"0"},{"fixed":"4.2.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}