Clamav security updates for Debian 9, 10, and 11


ClamAV, a popular antivirus utility for Unix systems, has received critical security updates for Debian versions 9, 10, and 11 to address two significant vulnerabilities: CVE-2025-20128 and CVE-2025-20260.

CVE-2025-20128 affects the OLE2 decryption routine in ClamAV, which an attacker could exploit to cause a denial of service (DoS) on an affected device. CVE-2025-20260 affects ClamAV's PDF scanning code and could allow an attacker to cause a buffer overflow, a DoS condition, or arbitrary code execution.

To mitigate these risks, users are strongly encouraged to upgrade their ClamAV installations to the following versions:
- For Debian GNU/Linux 11 (Bullseye): 1.0.9+dfsg-1~deb11u1
- For Debian GNU/Linux 10 (Buster): 1.0.9+dfsg-1~deb10u1
- For Debian GNU/Linux 9 (Stretch): 1.0.9+dfsg-1~deb9u1

These updates are documented in the Debian LTS Advisory DLA-4292-1 and the Extended LTS ELA-1511-1.

For ongoing security management, users can monitor ClamAV's security status through its dedicated security tracker page and find additional resources related to Debian LTS security advisories, update application procedures, and common queries on the Debian wiki.

In light of these vulnerabilities, it is vital for users and system administrators to stay informed about the latest updates and best practices for securing their systems against potential threats. Regularly applying updates and monitoring security advisories can significantly reduce the risk of exploitation by malicious actors.


A security update has been released for ClamAV, an antivirus utility for Unix, to address two vulnerabilities: CVE-2025-20128 and CVE-2025-20260. The first vulnerability lets an attacker cause a denial of service on an affected device by exploiting the Object Linking and Embedding 2 (OLE2) decryption process in ClamAV. The second vulnerability lets an attacker cause a buffer overflow, a denial of service, or execution of arbitrary code on an affected device by exploiting the PDF scanning process in ClamAV. Users are advised to upgrade their ClamAV packages to version 1.0.9+dfsg-1~deb11u1 (for Debian GNU/Linux 11 LTS), 1.0.9+dfsg-1~deb9u1 (for Debian GNU/Linux 9 ELTS), or 1.0.9+dfsg-1~deb10u1 (for Debian GNU/Linux 10 ELTS).

[DLA 4292-1] clamav security update
ELA-1511-1 clamav security update

Clamav security updates for Debian 9, 10, and 11 @ Linux Compatible