CVE-2025-20128
Severity CVSS v4.0:
Pending analysis
Type:
CWE-122
Heap-based Buffer Overflow
Publication date:
22/01/2025
Last modified:
03/11/2025
Description
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.<br />
<br />
This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.<br />
For a description of this vulnerability, see the .<br />
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:* | 1.0.0 (including) | 1.0.8 (excluding) |
| cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:* | 1.1.0 (including) | 1.4.2 (excluding) |
| cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:* | 1.24.4 (excluding) | |
| cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:* | 1.25.1 (excluding) | |
| cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:* | 7.5.20 (excluding) | |
| cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:* | 8.0.1.21160 (including) | 8.4.3 (excluding) |
| cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:* | 4.2.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page