PT-2019-15254 · Cisco+3 · Clamav+3

Published: 2019-03-28 · Updated: 2026-02-06 · CVE-2019-1787

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: ClamAV Software versions 0.101.1 and prior

Description: A vulnerability in the Portable Document Format (PDF) scanning functionality could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The issue is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data. An attacker could exploit this by sending crafted PDF files to an affected device, potentially causing a heap buffer out-of-bounds read condition and resulting in a crash.

Recommendations: For ClamAV Software versions 0.101.1 and prior, update to a version later than 0.101.1 to resolve the issue. As a temporary workaround, consider restricting the handling of PDF files by the ClamAV software until a patch is available.

Exploit

Fix

DoS

Out of bounds Read

RCE

Weakness Enumeration

Related identifiers

ALT-PU-2019-1538
CLEANSTART-2026-LA13761
CLEANSTART-2026-NJ87139
CLEANSTART-2026-TC95380
CLEANSTART-2026-WX01708
CVE-2019-1787
DLA-1759-1
MGASA-2019-0162
OPENSUSE-SU-2019:1210-1
OPENSUSE-SU-2019_1208-1
OPENSUSE-SU-2019_1210-1
OPENSUSE-SU-2020:2268-1
OPENSUSE-SU-2020:2276-1
OPENSUSE-SU-2020_2268-1
OPENSUSE-SU-2020_2276-1
OPENSUSE-SU-2024:10685-1
SUSE-SU-2019:0861-1
SUSE-SU-2019:0897-1
SUSE-SU-2019:14015-1
SUSE-SU-2019_0861-1
SUSE-SU-2019_0897-1
SUSE-SU-2019_14015-1
SUSE-SU-2020:3790-1
USN-3940-1
USN-3940-2

Affected products

Alt Linux
Clamav
Suse
Ubuntu