[Pkg-clamav-devel] Bug#1108045: clamav: CVE-2025-20234
Salvatore Bonaccorso
carnil at debian.org
Thu Jun 19 17:20:34 BST 2025
Source: clamav
Version: 1.4.2+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>

Hi,

The following vulnerability was published for clamav.

CVE-2025-20234[0]:
| A vulnerability in Universal Disk Format (UDF) processing of ClamAV
| could allow an unauthenticated, remote attacker to cause a denial of
| service (DoS) condition on an affected device. This vulnerability
| is due to a memory overread during UDF file scanning. An attacker
| could exploit this vulnerability by submitting a crafted file
| containing UDF content to be scanned by ClamAV on an affected
| device. A successful exploit could allow the attacker to terminate
| the ClamAV scanning process, resulting in a DoS condition on the
| affected software. For a description of this vulnerability, see the
| .

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-20234
https://www.cve.org/CVERecord?id=CVE-2025-20234
[1] https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html

Regards,
Salvatore