Bug 2373726 (CVE-2025-20260)
Summary: | CVE-2025-20260 clamav: ClamAV PDF Scanning Buffer Overflow Vulnerability | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
Status: | NEW --- | QA Contact: | |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | unspecified | CC: | dfreiber, drow, jburrell, vkumar |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | --- | |
Doc Text: | A vulnerability has been discovered in the PDF parsing engine of ClamAV. This flaw can be exploited to achieve remote code execution (RCE). Given that ClamAV is routinely used to process untrusted input (for example, email attachments and downloaded files), a malicious PDF document could trigger this vulnerability, allowing an attacker to execute arbitrary code on the system running ClamAV. | ||
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2373744, 2373746, 2373747, 2373749, 2373750, 2373752, 2373753, 2373756, 2373757, 2373745, 2373748, 2373751, 2373754, 2373755 | ||
Bug Blocks: |
Description
OSIDB Bzimport
2025-06-18 18:01:13 UTC