ClamAV Universal Disk Format Processing Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in ClamAV's handling of Universal Disk Format (UDF) files. An unauthenticated, remote attacker can trigger a memory overread while a crafted UDF file is being scanned, which can crash the ClamAV scanning process. The vulnerability affects ClamAV versions 1.2.0 up to but not including 1.4.3, and 1.0.8 up to but not including 1.0.9.

Impact

Exploitation of this vulnerability leads to a crash of the ClamAV scanning process, causing a denial-of-service condition on the affected software.

Remediation

Users should upgrade to ClamAV version 1.4.3 or 1.0.9, both of which include the fix. The release files for these versions are available on the ClamAV downloads page, the GitHub Releases page, and through Docker Hub.
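To confirm whether an installed engine falls inside the affected ranges stated above, the following check is an added example (not part of the advisory or of the ClamAV project): it parses the engine version out of the first line of `clamscan --version` output and compares it against the two version ranges given here. The sample output strings are constructed, not captured from a real system.

```python
import re

# Affected ranges from the advisory: [1.2.0, 1.4.3) and [1.0.8, 1.0.9).
# The upper bound of each range is the release that carries the fix.
AFFECTED_RANGES = [
    ((1, 2, 0), (1, 4, 3)),
    ((1, 0, 8), (1, 0, 9)),
]


def parse_version(text):
    """Return a (major, minor, patch) tuple from a string containing x.y.z."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version):
    """True if the version lies inside one of the advisory's affected ranges.

    False only means the version is outside the listed ranges; it mirrors the
    advisory text and is not a general statement about other versions."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def version_from_clamscan_output(output):
    """Extract the engine version from `clamscan --version` output.

    The first line has the form 'ClamAV <engine>/<db version>/<db date>';
    only the engine version before the first '/' is relevant here."""
    first = output.strip().splitlines()[0]
    if not first.startswith("ClamAV "):
        raise ValueError(f"unexpected clamscan output: {first!r}")
    return first.split()[1].split("/")[0]


# Constructed sample outputs (assumed format, not real captures).
SAMPLES = {
    "affected 1.x":  "ClamAV 1.4.2/27000/Mon Sep  1 08:00:00 2025",
    "fixed 1.x":     "ClamAV 1.4.3/27000/Mon Sep  1 08:00:00 2025",
    "affected LTS":  "ClamAV 1.0.8/27000/Mon Sep  1 08:00:00 2025",
    "fixed LTS":     "ClamAV 1.0.9/27000/Mon Sep  1 08:00:00 2025",
}

if __name__ == "__main__":
    for label, out in SAMPLES.items():
        ver = version_from_clamscan_output(out)
        print(f"{label}: {ver} -> {'AFFECTED' if is_affected(ver) else 'not in listed ranges'}")
```

On a live host, pipe the real command into the parser (for example `subprocess.run(["clamscan", "--version"], capture_output=True, text=True).stdout`) instead of the constructed samples.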

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.