The ClamAV team has announced the release of security patch updates for ClamAV versions 1.4.2 and 1.0.8. These updates address a critical vulnerability and include additional fixes to improve the platform’s stability and security.
ClamAV is an open-source antivirus engine widely used to detect malicious software, viruses, and trojans. With a strong focus on security, ClamAV remains a trusted solution for both individuals and enterprises to safeguard their systems against evolving threats.
Cisco has issued a warning on a significant vulnerability in ClamAV’s Object Linking and Embedding 2 (OLE2) decryption routine.
Key Updates in ClamAV 1.4.2 and 1.0.8
Both versions include the following crucial fix:
A vulnerability (CVE-2025-20128) in the OLE2 file parser could cause a buffer overflow read, resulting in a potential denial-of-service (DoS) condition.
This flaw, first introduced in ClamAV 1.0.0, impacts all currently supported versions of the software. The issue has been resolved in these latest releases, ensuring enhanced protection against this security risk.
The vulnerability was identified thanks to OSS-Fuzz, a continuous fuzzing service for identifying vulnerabilities in open-source software.
In addition to addressing the CVE-2025-20128 vulnerability, ClamAV 1.0.8 includes a fix for an infinite loop issue in ClamOnAcc, its on-access scanning tool.
The issue occurred when a watched directory did not exist. This fix was backported from ClamAV 1.3.0 and ensures more robust handling of directory monitoring scenarios.
The ClamAV team strongly encourages all users to upgrade to the latest patched versions (1.4.2 or 1.0.8, depending on their current release branch) as soon as possible to protect against potential exploitation of the CVE-2025-20128 vulnerability.
Users relying on Docker images are advised to monitor Docker Hub for image availability.
The patched versions are now available for download from the official ClamAV downloads page, the GitHub release page, and through Docker Hub. However, Docker images may take some time to be fully available.
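A version check built from the release facts above, added here as an example and not taken from the ClamAV project: it parses the banner printed by `clamscan --version` and classifies it against CVE-2025-20128. The function names, status labels and sample banners are constructed, and treating 1.1.x to 1.3.x as unfixed and releases after 1.4.2 as fixed is an assumption based on the article naming only 1.0.8 and 1.4.2 as patched.

```shell
#!/bin/sh
# Added example: triage ClamAV version banners for CVE-2025-20128.

# Extract "X.Y.Z" from a banner such as "ClamAV 1.4.1/27523/Wed Jan 22 ...".
clamav_version() {
    printf '%s\n' "$1" |
        sed -n 's/^ClamAV \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print one of: not-affected, patched, vulnerable, unknown.
cve_2025_20128_status() {
    ver=$(clamav_version "$1")
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    old_ifs=$IFS; IFS=.; set -- $ver; IFS=$old_ifs
    major=$1; minor=$2; patch=$3
    if [ "$major" -lt 1 ]; then
        echo not-affected   # article: flaw first introduced in 1.0.0
    elif [ "$major" -gt 1 ] || [ "$minor" -gt 4 ]; then
        echo patched        # assumption: releases after 1.4.2 keep the fix
    elif [ "$minor" -eq 0 ]; then
        # 1.0 branch: fixed in 1.0.8
        if [ "$patch" -ge 8 ]; then echo patched; else echo vulnerable; fi
    elif [ "$minor" -eq 4 ]; then
        # 1.4 branch: fixed in 1.4.2
        if [ "$patch" -ge 2 ]; then echo patched; else echo vulnerable; fi
    else
        echo vulnerable     # assumption: 1.1.x-1.3.x have no fixed release
    fi
}

# Constructed sample banners (not real scan output).
for banner in \
    "ClamAV 0.103.12/27523/Wed Jan 22 09:00:00 2025" \
    "ClamAV 1.0.7/27523/Wed Jan 22 09:00:00 2025" \
    "ClamAV 1.0.8/27523/Wed Jan 22 09:00:00 2025" \
    "ClamAV 1.3.2/27523/Wed Jan 22 09:00:00 2025" \
    "ClamAV 1.4.1/27523/Wed Jan 22 09:00:00 2025" \
    "ClamAV 1.4.2/27523/Wed Jan 22 09:00:00 2025" \
    "sh: clamscan: not found"
do
    printf '%-13s %s\n' "$(cve_2025_20128_status "$banner")" "$banner"
done
```

On a host with ClamAV installed, call it as `cve_2025_20128_status "$(clamscan --version)"`.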