ClamAV, the open-source antivirus engine maintained by Cisco, has announced the release of two new security patch versions, 1.4.2 and 1.0.8, to address critical vulnerabilities.
These updates are now available for download on the ClamAV downloads page, GitHub Release page, and Docker Hub.
Key Fixes in ClamAV 1.4.2
The ClamAV 1.4.2 patch addresses a critical vulnerability tracked as CVE-2025-20128, which involves a buffer overflow read bug in the Object Linking and Embedding 2 (OLE2) file parser.
This flaw could allow unauthenticated attackers to trigger a denial-of-service (DoS) condition by submitting maliciously crafted files for scanning. The issue was introduced in version 1.0.0 and affects all currently supported versions of ClamAV.
The vulnerability was identified through OSS-Fuzz, a fuzzing service for uncovering security vulnerabilities in open-source software.
The patch ensures that affected systems are protected against potential exploitation that could disrupt antivirus scanning processes.
Enhancements in ClamAV 1.0.8
In addition to fixing CVE-2025-20128, the ClamAV 1.0.8 update includes a resolution for an infinite loop issue in the ClamOnAcc feature when a watched directory does not exist.
This fix is a backport from ClamAV version 1.3.0, further improving system stability and performance.
Both patches are critical for users relying on ClamAV to secure their systems against malware and other threats.
Users are strongly encouraged to update to these versions to mitigate risks associated with these vulnerabilities.
Impact of CVE-2025-20128
The CVE-2025-20128 vulnerability is considered severe due to its potential to render antivirus scanning temporarily inoperative, delaying or disrupting critical operations on affected systems.
Exploitation occurs when a specially crafted file containing OLE2 content is scanned by ClamAV, leading to a heap-based buffer overflow read.
Cisco clarified that while successful exploitation could terminate the scanning process, overall system stability would remain unaffected.
The vulnerability impacts multiple platforms, including Linux, Mac, and Windows Secure Endpoint Connector software.
Users of ClamAV are advised to immediately update their systems to versions 1.4.2 or 1.0.8 to safeguard against these vulnerabilities.
The updates can be accessed through official channels such as the ClamAV website, GitHub, and Docker Hub.
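To triage hosts against the releases named in this article, the following added example (not code from ClamAV or Cisco) classifies the version banner printed by `clamscan --version`. The function name, result labels and sample banners are constructed for illustration; releases later than 1.4.2 are reported as `newer` because the article does not cover them.

```shell
#!/bin/sh
# Added example: classify a ClamAV version banner against the releases the
# article names for CVE-2025-20128 (introduced in 1.0.0; fixed in 1.0.8, 1.4.2).
# classify_clamav is a hypothetical helper, not part of ClamAV.
# Prints: fixed | vulnerable | vulnerable-no-fix-in-line | not-affected | newer | unknown
classify_clamav() {
    # Banner looks like "ClamAV 1.4.1/27500/Mon Jan 20 ..." or just "ClamAV 1.4.1"
    cv=$(printf '%s\n' "$1" |
        sed -n 's/^ClamAV \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$cv" ]; then echo unknown; return 0; fi

    cv_major=${cv%%.*}; cv_rest=${cv#*.}
    cv_minor=${cv_rest%%.*}; cv_patch=${cv_rest#*.}

    # Releases before 1.0.0 predate the bug, per the article.
    if [ "$cv_major" -lt 1 ]; then echo not-affected; return 0; fi
    # Anything past the 1.4 line is outside what the article describes.
    if [ "$cv_major" -gt 1 ] || [ "$cv_minor" -gt 4 ]; then echo newer; return 0; fi

    case "$cv_minor" in
        0) fixed_patch=8 ;;   # 1.0.8 carries the fix
        4) fixed_patch=2 ;;   # 1.4.2 carries the fix
        *) # 1.1.x to 1.3.x: affected, and the article names no patched
           # release in these lines, so the remedy is moving to 1.4.2.
           echo vulnerable-no-fix-in-line; return 0 ;;
    esac

    if [ "$cv_patch" -ge "$fixed_patch" ]; then echo fixed; else echo vulnerable; fi
}

# Constructed sample banners (not captured from real hosts).
for banner in \
    "ClamAV 1.4.1/27500/Mon Jan 20 09:00:00 2025" \
    "ClamAV 1.4.2/27530/Thu Jan 23 09:00:00 2025" \
    "ClamAV 1.0.7" \
    "ClamAV 1.3.1"
do
    printf '%-50s %s\n' "$banner" "$(classify_clamav "$banner")"
done

# On a host with ClamAV installed, classify the live binary as well.
if command -v clamscan >/dev/null 2>&1; then
    classify_clamav "$(clamscan --version)"
fi
```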