ClamAV Releases Security Patches 1.4.2 and 1.0.8
/ 1 min read
🦪 ClamAV releases security patches 1.4.2 and 1.0.8 to address vulnerabilities. The latest updates for ClamAV include critical security patches aimed at fixing a buffer overflow read bug in the OLE2 file parser, which could lead to a denial-of-service (DoS) condition. This vulnerability, identified as CVE-2025-20128, affects all currently supported versions and was first introduced in version 1.0.0. Additionally, the 1.0.8 patch addresses an infinite loop issue related to non-existent watched directories, backporting a fix from version 1.3.0. Users can download the release files from the ClamAV downloads page, GitHub Release page, and Docker Hub, although availability on Docker Hub may vary.
Source

Original