Cyber Posture

CVE-2025-20128

Severity: Medium
Published: 22 January 2025
Modified: 03 November 2025
KEV Added: none listed
Patch: available
CVSS Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS Score: 0.0158 (81.7th percentile)
Risk Priority: 12 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Description

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an integer underflow in a bounds check that permits a heap buffer over-read. An attacker could exploit it by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Security Summary

CVE-2025-20128 is a vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV, an open-source antivirus engine. The issue stems from an integer underflow in a bounds check: an unsigned subtraction in the check wraps to a large value for a file-controlled input, the check passes, and a subsequent read runs past the end of a heap buffer. It affects ClamAV scanners processing OLE2 content and carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). It is tagged CWE-122 (Heap-based Buffer Overflow); note that the primitive is an out-of-bounds read rather than a write, which is why the vector records no confidentiality or integrity impact and only a low availability impact (a crash of the scanning process).

An unauthenticated, remote attacker can exploit this vulnerability by submitting a specially crafted file containing OLE2 content to an affected ClamAV instance for scanning. Any path that feeds untrusted files to the engine qualifies, for example a mail gateway or a file-upload scanner. Successful exploitation terminates the ClamAV scanning process, resulting in a denial-of-service (DoS) condition on the targeted device; where clamd is the scanner, the daemon itself crashes and every client that relies on it loses scanning until it is restarted.
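The underflow pattern described above, as an added illustration that is not ClamAV's code and is not taken from any of the advisories: a hypothetical record parser whose bounds check subtracts a file-controlled offset from the buffer length in unsigned arithmetic, shown beside the hardened form of the same check. The header layout (a 4-byte offset followed by a 4-byte length, both little-endian), the function names and the sample records are invented for the example; the real OLE2 decryption routine and its fix live in the ClamAV sources.

```c
/*
 * Added example (not ClamAV's code): a hypothetical length-prefixed record
 * parser showing the bug class behind CVE-2025-20128, an integer underflow in
 * a bounds check that lets a later copy read past the end of a heap buffer,
 * next to the hardened form of the same check. Field layout, names and the
 * sample records are invented for illustration.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN 8u  /* hypothetical header: uint32 offset, uint32 length (little-endian) */

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32le(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Vulnerable check. `buf_len - *off` is unsigned arithmetic: when the
 * file-controlled offset exceeds buf_len the subtraction wraps to a huge
 * value, `len` compares as "in bounds", and a caller's memcpy from
 * buf + off would read outside the allocation.
 * Returns 1 if the record is accepted, 0 if rejected. */
int accept_vulnerable(const uint8_t *buf, size_t buf_len, size_t *off, size_t *len) {
    if (buf_len < HDR_LEN) return 0;
    *off = rd32le(buf);
    *len = rd32le(buf + 4);
    if (buf_len - *off < *len)   /* BUG: underflows for *off > buf_len */
        return 0;
    return 1;
}

/* Hardened check: establish off <= buf_len before subtracting, so the
 * subtraction cannot wrap, and compare len against the remaining bytes
 * rather than computing off + len, which could itself overflow on a
 * 32-bit size_t. The payload is also required to start after the header. */
int accept_hardened(const uint8_t *buf, size_t buf_len, size_t *off, size_t *len) {
    if (buf_len < HDR_LEN) return 0;
    *off = rd32le(buf);
    *len = rd32le(buf + 4);
    if (*off < HDR_LEN || *off > buf_len) return 0;
    if (*len > buf_len - *off) return 0;
    return 1;
}

/* Ground truth used by the demo: would a copy of len bytes at off run past buf_len? */
int would_overread(size_t buf_len, size_t off, size_t len) {
    return off > buf_len || len > buf_len - off;
}

/* Build a constructed record in a heap buffer of buf_len bytes with the given
 * header fields; the payload bytes are filler. Caller frees. */
uint8_t *make_record(size_t buf_len, uint32_t off, uint32_t len) {
    if (buf_len < HDR_LEN) return NULL;
    uint8_t *buf = calloc(buf_len, 1);
    if (!buf) return NULL;
    wr32le(buf, off);
    wr32le(buf + 4, len);
    memset(buf + HDR_LEN, 0x41, buf_len - HDR_LEN);
    return buf;
}

/* Run both checks on one record. Returns 1 when the vulnerable check accepts
 * a record that would over-read while the hardened one rejects it, 0 otherwise,
 * -1 on allocation failure. The out-of-bounds copy itself is never performed. */
int vulnerable_accepts_overread(size_t buf_len, uint32_t off, uint32_t len) {
    uint8_t *buf = make_record(buf_len, off, len);
    if (!buf) return -1;
    size_t o = 0, l = 0;
    int v = accept_vulnerable(buf, buf_len, &o, &l);
    int h = accept_hardened(buf, buf_len, &o, &l);
    int bad = v && !h && would_overread(buf_len, o, l);
    free(buf);
    return bad;
}

int main(void) {
    /* Constructed inputs: a benign record, an oversize length, and a crafted
     * offset beyond the buffer that triggers the underflow in the old check. */
    printf("benign   (off=8, len=16):          vulnerable-accepts-overread=%d\n",
           vulnerable_accepts_overread(64, 8, 16));
    printf("oversize (off=8, len=100):         vulnerable-accepts-overread=%d\n",
           vulnerable_accepts_overread(64, 8, 100));
    printf("crafted  (off=0xFFFFFFF0, len=64): vulnerable-accepts-overread=%d\n",
           vulnerable_accepts_overread(64, 0xFFFFFFF0u, 64));
    return 0;
}
```

The example deliberately stops at the accept/reject decision and never performs the copy, so it runs cleanly without a sanitizer; what to compare is the two decisions on the crafted record. The fix is a matter of ordering: reject an offset larger than the buffer before it is ever subtracted, and phrase the remaining comparison so that no intermediate value can wrap.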

Advisories from ClamAV, Cisco, and Debian LTS confirm that software updates have been released to address the vulnerability; ClamAV 1.4.2 and 1.0.8 are the fixed releases of the 1.4.x and 1.0.x lines. There are no workarounds, and users are directed to apply the updates promptly as detailed in the vendor security bulletins. To confirm what is actually deployed, `clamscan --version` (or `clamd --version`) prints the engine version; distribution packages may carry a backported fix under an older version string, in which case the distribution's own advisory is the authority.

Details

CWE(s)
CWE-122 (Heap-based Buffer Overflow)

Affected Products

clamav / clamav
1.0.0 up to (not including) 1.0.8 · 1.1.0 up to (not including) 1.4.2
(1.0.8 and 1.4.2 are the fixed releases named in the Security Summary, so they are not themselves affected; the 1.1.x, 1.2.x and 1.3.x series fall inside the second range.)
cisco / secure endpoint
≤ 1.24.4 · ≤ 1.25.1 · ≤ 7.5.20
cisco / secure endpoint private cloud
≤ 4.2.0
(Cisco version bounds are reproduced as listed; confirm the fixed connector versions against the Cisco advisory before treating an upper bound as vulnerable or fixed.)
