Multiple high-severity vulnerabilities, including a dangerous buffer overflow capable of remote code execution, have been fixed in critical security updates released by the ClamAV team for versions 1.4.3 and 1.0.9.
These patch releases target several security issues that affect all currently supported versions of the popular open-source antivirus engine, with the most critical vulnerability (CVE-2025-20260) posing significant risks to systems with specific configuration parameters.
https://cybersecuritynews.com/clamav-1- ... -released/