Source: clamav
Version: 1.4.2+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for clamav.

CVE-2025-20234[0]:
| A vulnerability in Universal Disk Format (UDF) processing of ClamAV
| could allow an unauthenticated, remote attacker to cause a denial of
| service (DoS) condition on an affected device. This vulnerability
| is due to a memory overread during UDF file scanning. An attacker
| could exploit this vulnerability by submitting a crafted file
| containing UDF content to be scanned by ClamAV on an affected
| device. A successful exploit could allow the attacker to terminate
| the ClamAV scanning process, resulting in a DoS condition on the
| affected software. For a description of this vulnerability, see the
| .

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-20234
    https://www.cve.org/CVERecord?id=CVE-2025-20234
[1] https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html

Regards,
Salvatore

