// For flags

CVE-2025-20260

ClamAV PDF Scanning Buffer Overflow Vulnerability

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.

It was discovered that ClamAV incorrectly handled scanning UDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. It was discovered that ClamAV incorrectly handled scanning PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-10-10 CVE Reserved
  • 2025-06-18 CVE Published
  • 2025-06-19 CVE Updated
  • 2025-06-24 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-122: Heap-based Buffer Overflow
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 ClamAV
Search vendor "Cisco" for product "ClamAV"
 1.4.2
Search vendor "Cisco" for product "ClamAV" and version "1.4.2"
en
Affected
Cisco
Search vendor "Cisco"
 ClamAV
Search vendor "Cisco" for product "ClamAV"
 1.4.1
Search vendor "Cisco" for product "ClamAV" and version "1.4.1"
en
Affected
Cisco
Search vendor "Cisco"
 ClamAV
Search vendor "Cisco" for product "ClamAV"
 1.4.0
Search vendor "Cisco" for product "ClamAV" and version "1.4.0"
en
Affected
Cisco
Search vendor "Cisco"
 ClamAV
Search vendor "Cisco" for product "ClamAV"
 1.3.2
Search vendor "Cisco" for product "ClamAV" and version "1.3.2"
en
Affected
Cisco
Search vendor "Cisco"
 ClamAV
Search vendor "Cisco" for product "ClamAV"
 1.3.1
Search vendor "Cisco" for product "ClamAV" and version "1.3.1"
en
Affected
Cisco
Search vendor "Cisco"
 ClamAV
Search vendor "Cisco" for product "ClamAV"
 1.3.0
Search vendor "Cisco" for product "ClamAV" and version "1.3.0"
en
Affected
Cisco
Search vendor "Cisco"
 ClamAV
Search vendor "Cisco" for product "ClamAV"
 1.2.3
Search vendor "Cisco" for product "ClamAV" and version "1.2.3"
en
Affected
Cisco
Search vendor "Cisco"
 ClamAV
Search vendor "Cisco" for product "ClamAV"
 1.2.2
Search vendor "Cisco" for product "ClamAV" and version "1.2.2"
en
Affected
Cisco
Search vendor "Cisco"
 ClamAV
Search vendor "Cisco" for product "ClamAV"
 1.2.1
Search vendor "Cisco" for product "ClamAV" and version "1.2.1"
en
Affected
Cisco
Search vendor "Cisco"
 ClamAV
Search vendor "Cisco" for product "ClamAV"
 1.2.0
Search vendor "Cisco" for product "ClamAV" and version "1.2.0"
en
Affected