CVE-2019-1787

Name
CVE-2019-1787
Description
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Mailing List https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12181
Third Party Advisory https://security.gentoo.org/glsa/201904-12
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00064.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00062.html
Mailing List https://lists.debian.org/debian-lts-announce/2019/04/msg00019.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:* clamav >= None <= 0.101.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status