Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/clamav@1.4.2%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/clamav@1.4.2%2Bdfsg-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-vdhk-r67a-s3fr A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. CVE-2025-20128

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:38:04.905967+00:00 Debian Importer Fixing VCID-vdhk-r67a-s3fr https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:39:24.409833+00:00 Debian Importer Fixing VCID-vdhk-r67a-s3fr https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-02T17:15:39.432913+00:00 Debian Importer Fixing VCID-vdhk-r67a-s3fr https://security-tracker.debian.org/tracker/data/json 38.1.0