USN-7615-2: ClamAV vulnerabilities
Publication date
7 July 2025
Overview
Several security issues were fixed in ClamAV.
Releases
Packages
- clamav - Anti-virus utility for Unix
Details
USN-7615-1 fixed several vulnerabilities in ClamAV. This update provides
the corresponding update for Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that ClamAV incorrectly handled scanning UDF files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2025-20234)
It was discovered that ClamAV incorrectly handled scanning PDF files. A
remote attacker could use this issue to cause ClamAV to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2025-20260)
USN-7615-1 fixed several vulnerabilities in ClamAV. This update provides
the corresponding update for Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that ClamAV incorrectly handled scanning UDF files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2025-20234)
It was discovered that ClamAV incorrectly handled scanning PDF files. A
remote attacker could use this issue to cause ClamAV to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2025-20260)
Update instructions
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 20.04 focal | clamav – 1.4.3+dfsg-0ubuntu0.20.04.1+esm1 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.