
Cloud Vulnerability DB
A community-led vulnerabilities database
A critical vulnerability (CVE-2025-20260) was discovered in ClamAV's PDF scanning processes, disclosed on June 18, 2025. This security flaw affects all supported versions of ClamAV and exists due to incorrect memory buffer allocation during PDF file processing. The vulnerability received a CVSS score of 9.8, indicating its critical severity (NVD, ClamAV Blog).
The vulnerability is classified as a heap-based buffer overflow (CWE-122) that occurs when processing PDF files under specific configurations. The bug is only triggered when both max-filesize is set to ≥1024MB and max-scan-size is set to ≥1025MB. While the code flaw existed before version 1.0.0, it became exploitable due to changes in version 1.0.0 that enabled larger memory allocations from untrusted input (SecurityOnline, ClamAV Blog).
The vulnerability can allow an unauthenticated, remote attacker to cause multiple severe impacts: trigger a buffer overflow leading to denial of service (DoS) conditions, crash the antivirus engine, or potentially execute arbitrary code with the privileges of the ClamAV process. This is particularly concerning for enterprise or high-throughput environments where ClamAV scans large document archives or email attachments (NVD, SecurityOnline).
Cisco has released security patches to address this vulnerability in ClamAV versions 1.4.3 and 1.0.9 (for long-term support users). Users are strongly encouraged to upgrade to these patched versions as soon as possible, particularly if using custom configurations that increase scanning thresholds (ClamAV Blog).
The vulnerability was initially discovered by Greg Walkup at Sandia National Labs, highlighting the collaborative nature of security research in identifying critical flaws. The high CVSS score and potential for remote code execution has drawn significant attention from the security community (Wiz).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."