CVE-2025-20260
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-03
Assigner: Cisco Systems, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| clamav | clamav | Up to 1.0.9 (excluding) |
| clamav | clamav | From 1.2.0 (including) to 1.4.3 (excluding) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the PDF scanning process of ClamAV, where incorrect memory buffer allocation when processing PDF files can be exploited by an unauthenticated remote attacker. By submitting a specially crafted PDF file, the attacker can cause a buffer overflow, potentially leading to the termination of the ClamAV scanning process (denial of service) or possibly executing arbitrary code with the privileges of the ClamAV process.
How can this vulnerability impact me?
If exploited, this vulnerability can cause a denial of service by crashing the ClamAV scanning process, disrupting malware scanning operations. Additionally, there is a risk that an attacker could execute arbitrary code on the affected device with the same privileges as ClamAV, potentially leading to further compromise of the system.