
SUSE: 2025:0327-1 important: clamav DoS buffer overflow

February 3, 2025
Recent SUSE security bulletins for ClamAV highlight the importance of keeping systems patched against known vulnerabilities. Always apply the latest patches to minimize risk.

Summary

This update for clamav fixes the following issues:

New version 1.4.2:

* CVE-2025-20128, bsc#1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition.
* Start clamonacc with --fdpass to avoid errors due to clamd not being able to access user files. (bsc#1232242)

New version 1.4.1:

* https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

New version 1.4.0:

* Added support for extracting ALZ archives.
* Added support for extracting LHA/LZH archives.
* Added the ability to disable image fuzzy hashing, if needed. For context, image fuzzy hashing is a detection mechanism useful for identifying malware by matching images included with the malware or phishing email/document.

References

* bsc#1102840

* bsc#1103032

* bsc#1180296

* bsc#1202986

* bsc#1211594

* bsc#1214342

* bsc#1232242

* bsc#1236307

* jsc#PED-4596

Cross-

* CVE-2018-14679

* CVE-2023-20197

* CVE-2024-20380

* CVE-2024-20505

* CVE-2024-20506

* CVE-2025-20128

CVSS scores:

* CVE-2018-14679 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

* CVE-2018-14679 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2023-20197 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-20197 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-20380 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-20505 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Severity: important

Announcement ID: SUSE-SU-2025:0327-1
Release Date: 2025-02-03T09:39:44Z
Rating: important
