A couple of vulnerabilities have been fixed in ClamAV, an anti-virus utility for Unix.
CVE-2025-20128
The Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV
could allow an unauthenticated, remote attacker to cause a denial of service
(DoS) condition on an affected device.
CVE-2025-20260
The PDF scanning processes of ClamAV could allow an unauthenticated, remote
attacker to cause a buffer overflow condition, cause a denial of service (DoS)
condition, or execute arbitrary code on an affected device.
1.0.9+dfsg-1~deb11u1