CVE-2025-20260 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Critical
Remote	Yes
Type	Arbitrary code execution
Description	A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2903	clamav	1.4.2-2		Critical	Vulnerable

References
https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html https://nvd.nist.gov/vuln/detail/CVE-2025-20260