CLSA-2025-1756409595

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1756409595.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2025-1756409595

Upstream

CVE-2024-20506

CVE-2025-20128

CVE-2025-20234

CVE-2025-20260

Published

2025-08-28T19:33:18Z

Modified

2026-06-01T00:33:18.031060940Z

Summary

clamav: Fix of 4 CVEs

Details

Update to 1.4.3 LTS
CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser
CVE-2025-20234: Fixed a possible buffer overflow read bug in the UDF file parser
CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser
CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files

References

https://errata.tuxcare.com/els_os/centos7els/CLSA-2025-1756409595.html

Affected packages

TuxCare:CentOS:7

clamav

Package

Name: clamav
Purl: pkg:rpm/tuxcare/clamav?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.4.3-1.el7.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1756409595.json"

clamav-data

Package

Name: clamav-data
Purl: pkg:rpm/tuxcare/clamav-data?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.4.3-1.el7.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1756409595.json"

clamav-devel

Package

Name: clamav-devel
Purl: pkg:rpm/tuxcare/clamav-devel?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.4.3-1.el7.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1756409595.json"

clamav-doc

Package

Name: clamav-doc
Purl: pkg:rpm/tuxcare/clamav-doc?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.4.3-1.el7.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1756409595.json"

clamav-filesystem

Package

Name: clamav-filesystem
Purl: pkg:rpm/tuxcare/clamav-filesystem?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.4.3-1.el7.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1756409595.json"

clamav-freshclam

Package

Name: clamav-freshclam
Purl: pkg:rpm/tuxcare/clamav-freshclam?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.4.3-1.el7.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1756409595.json"

clamav-lib

Package

Name: clamav-lib
Purl: pkg:rpm/tuxcare/clamav-lib?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.4.3-1.el7.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1756409595.json"

clamav-milter

Package

Name: clamav-milter
Purl: pkg:rpm/tuxcare/clamav-milter?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.4.3-1.el7.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1756409595.json"

clamd

Package

Name: clamd
Purl: pkg:rpm/tuxcare/clamd?distro=centos-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.4.3-1.el7.tuxcare.els1

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2025-1756409595.json"