OR *cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:* versions up to (excluding) 1.25.1 *cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:* versions up to (excluding) 1.24.4 *cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:* versions up to (excluding) 4.2.0 *cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:* versions up to (excluding) 7.5.20 *cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:* versions from (including) 8.0.1.21160 up to (excluding) 8.4.3
Added
CPE Configuration
OR *cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:* versions from (including) 1.0.0 up to (excluding) 1.0.8 *cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:* versions from (including) 1.1.0 up to (excluding) 1.4.2
New CVE Received from Cisco Systems, Inc. 1/22/2025 12:15:12 PM
Action
Type
Old Value
New Value
Added
Description
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.