ClamAV 1.4.2 is a patch release with the following fixes:
-
CVE-2025-20128:
Fixed a possible buffer overflow read bug in the OLE2 file parser that could
cause a denial-of-service (DoS) condition.This issue was introduced in version 1.0.0 and affects all currently
supported versions. It will be fixed in:- 1.4.2
- 1.0.8
Thank you to OSS-Fuzz for identifying this issue.