ClamAV OLE2 Decryption Integer Underflow Causes DoS
CVE-2025-20128 Published on January 22, 2025
ClamAV OLE2 File Format Decryption Denial of Service Vulnerability
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.
For a description of this vulnerability, see the .
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Vulnerability Analysis
CVE-2025-20128 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2025-20128
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-20128 are published in these products:
Affected Versions
Cisco Secure Endpoint:- Version 7.0.5 is affected.
- Version 6.2.19 is affected.
- Version 7.3.3 is affected.
- Version 7.2.13 is affected.
- Version 6.1.5 is affected.
- Version 6.3.1 is affected.
- Version 6.2.5 is affected.
- Version 7.3.5 is affected.
- Version 6.2.1 is affected.
- Version 7.2.7 is affected.
- Version 7.1.1 is affected.
- Version 6.3.5 is affected.
- Version 6.2.9 is affected.
- Version 7.3.1 is affected.
- Version 6.1.7 is affected.
- Version 7.2.11 is affected.
- Version 7.2.3 is affected.
- Version 7.1.5 is affected.
- Version 6.3.3 is affected.
- Version 7.3.9 is affected.
- Version 6.2.3 is affected.
- Version 6.1.9 is affected.
- Version 7.2.5 is affected.
- Version 6.3.7 is affected.
- Version 1.12.3 is affected.
- Version 1.8.0 is affected.
- Version 1.11.1 is affected.
- Version 1.12.4 is affected.
- Version 1.10.0 is affected.
- Version 1.12.0 is affected.
- Version 1.8.1 is affected.
- Version 1.10.1 is affected.
- Version 1.12.1 is affected.
- Version 1.12.6 is affected.
- Version 1.14.0 is affected.
- Version 1.10.2 is affected.
- Version 1.12.2 is affected.
- Version 1.6.0 is affected.
- Version 1.11.0 is affected.
- Version 1.7.0 is affected.
- Version 1.13.0 is affected.
- Version 1.12.7 is affected.
- Version 1.8.4 is affected.
- Version 1.13.1 is affected.
- Version 1.9.0 is affected.
- Version 1.9.1 is affected.
- Version 1.12.5 is affected.
- Version 1.13.2 is affected.
- Version 8.1.7.21512 is affected.
- Version 8.1.7 is affected.
- Version 8.1.5 is affected.
- Version 8.1.3.21242 is affected.
- Version 8.1.3 is affected.
- Version 8.1.5.21322 is affected.
- Version 8.1.7.21417 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.