CVE-2025-20128
Severity
7.5HIGH
EPSS
1.6%
top 18.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedJan 22
Latest updateJan 27
Description
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow th…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4
Affected Packages5 packages
🔴Vulnerability Details
3OSV▶
CVE-2025-20128: A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a d↗2025-01-22
GHSA▶
GHSA-6j5q-p9xp-3cc6: A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a d↗2025-01-22