{"id":"CVE-2025-20234","details":"A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the .","modified":"2026-03-13T15:00:47.983449Z","published":"2025-06-18T17:15:28.833Z","related":["SUSE-SU-2025:02119-1","SUSE-SU-2025:02200-1","SUSE-SU-2025:02201-1","openSUSE-SU-2025:15211-1"],"references":[{"type":"ADVISORY","url":"https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html"},{"type":"ADVISORY","url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-udf-hmwd9nDy"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cisco-talos/clamav","events":[{"introduced":"7d26bc8f6a801bb35ff7f2b154f33817e5863ea6"},{"fixed":"d8b053865fd5995f7af98bfbcd98c9a5644bfe2b"}],"database_specific":{"versions":[{"introduced":"1.2.0"},{"fixed":"1.4.3"}]}}],"versions":["clamav-1.2.0","clamav-1.3.0","clamav-1.3.0-rc","clamav-1.3.0-rc2","clamav-1.4.0","clamav-1.4.0-rc","clamav-1.4.1","clamav-1.4.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-20234.json","vanir_signatures":[{"deprecated":false,"signature_type":"Line","digest":{"line_hashes":["190015530276357700342780865688785711289","90010761790201096885469837227264413727","54157981050440576534464352548040004529","229169483082172892455379641560317814455"],"threshold":0.9},"target":{"file":"libclamav/bytecode_api.h"},"id":"CVE-2025-20234-18de29da","signature_version":"v1","source":"https://github.com/cisco-talos/clamav/commit/d8b053865fd5995f7af98bfbcd98c9a5644bfe2b"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"1.26.1"}]},{"events":[{"introduced":"0"},{"fixed":"1.26.1"}]},{"events":[{"introduced":"0"},{"fixed":"7.5.21"}]},{"events":[{"introduced":"8.0.1.21160"},{"fixed":"8.4.5"}]},{"events":[{"introduced":"0"},{"fixed":"4.2.2"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}