Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Debian 11: ClamAV Critical DoS Advisory DLA-4292-1 CVE-2025-20128

debian lts
Calendar Grey September 4, 2025
Dist Debian Esm H88
A crucial OpenSSH patch has been released to fix serious security vulnerabilities that could lead to unauthorized access and privilege escalation. Ubuntu 20.04 users should update now
A couple of vulnerabilities have been fixed in ClamAV, an anti-virus utility for Unix
Topics%20covered

Topics Covered

security advisory buffer overflow critical debian DoS clamav

Summary

CVE-2025-20128

The Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV
could allow an unauthenticated, remote attacker to cause a denial of service
(DoS) condition on an affected device.

CVE-2025-20260

The PDF scanning processes of ClamAV could allow an unauthenticated, remote
attacker to cause a buffer overflow condition, cause a denial of service (DoS)
condition, or execute arbitrary code on an affected device.

For Debian 11 bullseye, these problems have been fixed in version
1.0.9+dfsg-1~deb11u1.

We recommend that you upgrade your clamav packages.

For the detailed security status of clamav please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/clamav

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical
Lowest
Low
Medium
High
Critical

Package: clamav
Version: 1.0.9+dfsg-1~deb11u1
CVE ID: CVE-2025-20128 CVE-2025-20260
Debian Bug: 1093880 1108046

Topics%20covered

Topics Covered

security advisory buffer overflow critical debian DoS clamav

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here