CNNVD-202506-2346 Information
CNNVD ID
CNNVD-202506-2346
Related CVE
- CNNVD Published: 2025-06-18
Description (Chinese)
ClamAV(Clam AntiVirus)是ClamAV团队的一套免费且开源的杀毒软件。该软件用于检测木马、病毒、恶意软件和其他恶意威胁。 ClamAV(Clam AntiVirus)存在缓冲区错误漏洞,该漏洞源于UDF文件扫描期间内存过度读取,可能导致拒绝服务攻击。
Description (English)
ClamAV (Clam AntiVirus) is a free and open-source poison-killer for the ClamAV team. The software is used to detect horse, virus, malicious software and other malicious threats. ClamAV (Clam AntiVirus) has an error loophole in the buffer zone, which stems from overreading during the scanning of UDF documents, which may lead to a denial of service attack.
Hazard Level
High
Vulnerability Type
缓冲区错误
Affected Vendor
ClamAV
Published
2025-06-18
Last Modified
2026-02-24
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-udf-hmwd9nDy https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html https://vigilance.fr/vulnerability/ClamAV-out-of-bounds-memory-reading-via-UDF-File-Parser-47473 https://access.redhat.com/security/cve/cve-2025-20234
Patch
https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
Share on: