Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/clamav@1.0.9%2Bdfsg-1~deb12u1?distro=trixie
Typedeb
Namespacedebian
Nameclamav
Version1.0.9+dfsg-1~deb12u1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.4.1+dfsg-1
Latest_non_vulnerable_version1.4.4+dfsg-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-63vt-1nc8-6kfc
vulnerability_id VCID-63vt-1nc8-6kfc
summary A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-20260
reference_id
reference_type
scores
0
value 0.00739
scoring_system epss
scoring_elements 0.72859
published_at 2026-04-09T12:55:00Z
1
value 0.00739
scoring_system epss
scoring_elements 0.7286
published_at 2026-04-13T12:55:00Z
2
value 0.00739
scoring_system epss
scoring_elements 0.72811
published_at 2026-04-02T12:55:00Z
3
value 0.00739
scoring_system epss
scoring_elements 0.72867
published_at 2026-04-12T12:55:00Z
4
value 0.00739
scoring_system epss
scoring_elements 0.72883
published_at 2026-04-11T12:55:00Z
5
value 0.00739
scoring_system epss
scoring_elements 0.72831
published_at 2026-04-04T12:55:00Z
6
value 0.00739
scoring_system epss
scoring_elements 0.72807
published_at 2026-04-07T12:55:00Z
7
value 0.00739
scoring_system epss
scoring_elements 0.72845
published_at 2026-04-08T12:55:00Z
8
value 0.01474
scoring_system epss
scoring_elements 0.80983
published_at 2026-04-21T12:55:00Z
9
value 0.01474
scoring_system epss
scoring_elements 0.80981
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-20260
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20260
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20260
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108046
reference_id 1108046
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108046
4
reference_url https://security.archlinux.org/AVG-2903
reference_id AVG-2903
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2903
5
reference_url https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
reference_id clamav-143-and-109-security-patch.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-18T17:49:35Z/
url https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
6
reference_url https://usn.ubuntu.com/7615-1/
reference_id USN-7615-1
reference_type
scores
url https://usn.ubuntu.com/7615-1/
7
reference_url https://usn.ubuntu.com/7615-2/
reference_id USN-7615-2
reference_type
scores
url https://usn.ubuntu.com/7615-2/
fixed_packages
0
url pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kba-63mx-hya7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/clamav@1.0.9%2Bdfsg-1~deb11u1?distro=trixie
purl pkg:deb/debian/clamav@1.0.9%2Bdfsg-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.0.9%252Bdfsg-1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/clamav@1.0.9%2Bdfsg-1~deb12u1?distro=trixie
purl pkg:deb/debian/clamav@1.0.9%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.0.9%252Bdfsg-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kba-63mx-hya7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2%3Fdistro=trixie
4
url pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kba-63mx-hya7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kba-63mx-hya7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-2%3Fdistro=trixie
6
url pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2025-20260
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63vt-1nc8-6kfc
1
url VCID-vdhk-r67a-s3fr
vulnerability_id VCID-vdhk-r67a-s3fr
summary A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-20128
reference_id
reference_type
scores
0
value 0.01581
scoring_system epss
scoring_elements 0.8162
published_at 2026-04-21T12:55:00Z
1
value 0.01581
scoring_system epss
scoring_elements 0.81617
published_at 2026-04-18T12:55:00Z
2
value 0.01581
scoring_system epss
scoring_elements 0.81585
published_at 2026-04-12T12:55:00Z
3
value 0.01581
scoring_system epss
scoring_elements 0.81616
published_at 2026-04-16T12:55:00Z
4
value 0.01581
scoring_system epss
scoring_elements 0.81598
published_at 2026-04-11T12:55:00Z
5
value 0.01581
scoring_system epss
scoring_elements 0.81578
published_at 2026-04-13T12:55:00Z
6
value 0.01625
scoring_system epss
scoring_elements 0.81845
published_at 2026-04-08T12:55:00Z
7
value 0.01625
scoring_system epss
scoring_elements 0.81799
published_at 2026-04-02T12:55:00Z
8
value 0.01625
scoring_system epss
scoring_elements 0.81822
published_at 2026-04-04T12:55:00Z
9
value 0.01625
scoring_system epss
scoring_elements 0.81819
published_at 2026-04-07T12:55:00Z
10
value 0.01625
scoring_system epss
scoring_elements 0.81852
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-20128
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20128
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20128
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093880
reference_id 1093880
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093880
4
reference_url https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA
reference_id cisco-sa-clamav-ole2-H549rphA
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T16:54:39Z/
url https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA
5
reference_url https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
reference_id clamav-142-and-108-security-patch.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T16:54:39Z/
url https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
6
reference_url https://usn.ubuntu.com/7229-1/
reference_id USN-7229-1
reference_type
scores
url https://usn.ubuntu.com/7229-1/
fixed_packages
0
url pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kba-63mx-hya7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/clamav@1.0.9%2Bdfsg-1~deb11u1?distro=trixie
purl pkg:deb/debian/clamav@1.0.9%2Bdfsg-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.0.9%252Bdfsg-1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/clamav@1.0.9%2Bdfsg-1~deb12u1?distro=trixie
purl pkg:deb/debian/clamav@1.0.9%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.0.9%252Bdfsg-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/clamav@1.4.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/clamav@1.4.2%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.2%252Bdfsg-1%3Fdistro=trixie
4
url pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kba-63mx-hya7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2%3Fdistro=trixie
5
url pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/clamav@1.4.3%2Bdfsg-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kba-63mx-hya7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1%3Fdistro=trixie
6
url pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/clamav@1.4.3%2Bdfsg-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5kba-63mx-hya7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-2%3Fdistro=trixie
7
url pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/clamav@1.4.4%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2025-20128
risk_score 1.6
exploitability 0.5
weighted_severity 3.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdhk-r67a-s3fr
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.0.9%252Bdfsg-1~deb12u1%3Fdistro=trixie