{"url":"http://public2.vulnerablecode.io/api/packages/1050980?format=json","purl":"pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2","type":"deb","namespace":"debian","name":"clamav","version":"1.4.3+dfsg-1~deb12u2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.4.4+dfsg-1","latest_non_vulnerable_version":"1.4.4+dfsg-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/267343?format=json","vulnerability_id":"VCID-5kba-63mx-hya7","summary":"A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-20031","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12305","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12343","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12336","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12303","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12192","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12108","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12244","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12903","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13002","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12929","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31636","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31592","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33099","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33041","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33085","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33118","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.3312","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33082","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33058","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33076","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-20031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20031"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-css-Fn4QSZ","reference_id":"cisco-sa-clamav-css-Fn4QSZ","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-05T15:51:58Z/"}],"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-css-Fn4QSZ"},{"reference_url":"https://usn.ubuntu.com/8207-1/","reference_id":"USN-8207-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8207-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1066816?format=json","purl":"pkg:deb/debian/clamav@1.4.4%2Bdfsg-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.4%252Bdfsg-1"}],"aliases":["CVE-2026-20031"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5kba-63mx-hya7"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96514?format=json","vulnerability_id":"VCID-63vt-1nc8-6kfc","summary":"A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device.\r \r This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-20260","reference_id":"","reference_type":"","scores":[{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72859","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.7286","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72811","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72867","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72883","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72831","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72807","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00739","scoring_system":"epss","scoring_elements":"0.72845","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81137","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.8106","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81082","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81078","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81096","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.80981","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.80983","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81004","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81014","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81024","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81038","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-20260"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20260","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20260"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108046","reference_id":"1108046","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108046"},{"reference_url":"https://security.archlinux.org/AVG-2903","reference_id":"AVG-2903","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2903"},{"reference_url":"https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html","reference_id":"clamav-143-and-109-security-patch.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-18T17:49:35Z/"}],"url":"https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html"},{"reference_url":"https://usn.ubuntu.com/7615-1/","reference_id":"USN-7615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7615-1/"},{"reference_url":"https://usn.ubuntu.com/7615-2/","reference_id":"USN-7615-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7615-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050980?format=json","purl":"pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kba-63mx-hya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2025-20260"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63vt-1nc8-6kfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51466?format=json","vulnerability_id":"VCID-ggz7-h35v-p7ep","summary":"Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20505","reference_id":"","reference_type":"","scores":[{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74059","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74107","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74092","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74062","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00803","scoring_system":"epss","scoring_elements":"0.74088","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75727","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75671","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75656","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75672","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75554","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75532","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75523","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75566","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75571","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75558","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75596","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75601","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75605","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75616","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75645","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20505"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080962","reference_id":"1080962","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080962"},{"reference_url":"https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html","reference_id":"clamav-141-132-107-and-010312-security.html","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T13:35:13Z/"}],"url":"https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"},{"reference_url":"https://security.gentoo.org/glsa/202507-03","reference_id":"GLSA-202507-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202507-03"},{"reference_url":"https://usn.ubuntu.com/7011-1/","reference_id":"USN-7011-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7011-1/"},{"reference_url":"https://usn.ubuntu.com/7011-2/","reference_id":"USN-7011-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7011-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050980?format=json","purl":"pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kba-63mx-hya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2024-20505"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggz7-h35v-p7ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96513?format=json","vulnerability_id":"VCID-vdhk-r67a-s3fr","summary":"A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r \r This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r For a description of this vulnerability, see the .\r Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-20128","reference_id":"","reference_type":"","scores":[{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81775","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81616","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81617","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.8162","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81642","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81651","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81656","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81672","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81694","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81718","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81734","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81598","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81585","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01581","scoring_system":"epss","scoring_elements":"0.81578","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01625","scoring_system":"epss","scoring_elements":"0.81799","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01625","scoring_system":"epss","scoring_elements":"0.81822","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01625","scoring_system":"epss","scoring_elements":"0.81819","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01625","scoring_system":"epss","scoring_elements":"0.81845","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01625","scoring_system":"epss","scoring_elements":"0.81852","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-20128"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20128","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20128"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093880","reference_id":"1093880","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093880"},{"reference_url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA","reference_id":"cisco-sa-clamav-ole2-H549rphA","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T16:54:39Z/"}],"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA"},{"reference_url":"https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html","reference_id":"clamav-142-and-108-security-patch.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T16:54:39Z/"}],"url":"https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html"},{"reference_url":"https://usn.ubuntu.com/7229-1/","reference_id":"USN-7229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7229-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050980?format=json","purl":"pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kba-63mx-hya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2025-20128"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdhk-r67a-s3fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51467?format=json","vulnerability_id":"VCID-wjvc-p75d-p3a9","summary":"Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20506","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1097","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10817","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10889","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10873","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10918","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10982","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10808","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10884","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10937","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10938","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10905","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10883","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10742","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10755","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10881","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10841","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.108","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1074","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10683","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-20506"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080962","reference_id":"1080962","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080962"},{"reference_url":"https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html","reference_id":"clamav-141-132-107-and-010312-security.html","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T13:34:43Z/"}],"url":"https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"},{"reference_url":"https://security.gentoo.org/glsa/202507-03","reference_id":"GLSA-202507-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202507-03"},{"reference_url":"https://usn.ubuntu.com/7011-1/","reference_id":"USN-7011-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7011-1/"},{"reference_url":"https://usn.ubuntu.com/7011-2/","reference_id":"USN-7011-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7011-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1050980?format=json","purl":"pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5kba-63mx-hya7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2"}],"aliases":["CVE-2024-20506"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wjvc-p75d-p3a9"}],"risk_score":"1.6","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2"}