Security ID: QSA-25-04
Vulnerability in ClamAV Discovered by OSS-Fuzz
Release date: January 28, 2025
CVE identifier: CVE-2025-20128
Affected products: None
Severity
None
Status
Not Affected
Summary
A security vulnerability has been identified in ClamAV: a potential buffer overflow read in the OLE2 file parser that could result in a denial-of-service (DoS) condition.
After thorough investigation, we have determined that ClamAV for QTS and QuTS hero is not affected by this vulnerability.
Recommendation
We recommend regularly updating your system to the latest version to benefit from vulnerability fixes. You can check the product support status to see the latest updates available for your NAS model.
Reference
- Cisco: ClamAV OLE2 File Format Decryption Denial of Service Vulnerability
- ClamAV Blog: ClamAV 1.4.2 and 1.0.8 security patch versions published
Revision History: V1.0 (January 28, 2025) - Published