PT-2019-15253 · Cisco+2 · Clamav+2
Published: 2019-03-28 · Updated: 2024-06-15 · CVE-2019-1786
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
ClamAV Software versions 0.101.0 through 0.101.1
Description
A vulnerability in the Portable Document Format (PDF) scanning functionality could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The issue is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data. An attacker could exploit this by sending crafted PDF files to an affected device, potentially causing an out-of-bounds read condition and resulting in a crash that leads to a denial of service condition.
Recommendations
For ClamAV Software versions 0.101.1 and 0.101.0, consider disabling the PDF scanning functionality until a patch is available to prevent potential exploitation. Restrict access to the device to minimize the risk of receiving crafted PDF files.
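One way to check a host against this recommendation, as an added example that is not part of the original advisory or ClamAV's own tooling. It assumes clamd reads the `ScanPDF` option from a clamd.conf-style file, that the caller supplies the installed version string (for instance taken from `clamscan --version`), and the verdict labels are this example's own.

```shell
#!/bin/sh
# Added example: audit a ClamAV install against the advisory's recommendation.
# The affected versions below are the two named on this page.

# version_affected VERSION -> exit 0 if VERSION is one the page lists.
version_affected() {
    case "$1" in
        0.101.0|0.101.1) return 0 ;;
        *) return 1 ;;
    esac
}

# pdf_scan_disabled CONF -> exit 0 only if CONF sets ScanPDF and every
# occurrence carries a "no" value. PDF scanning is on by default in clamd,
# so a missing or commented-out line counts as enabled. Treating any
# non-"no" duplicate as enabled is a conservative assumption of this example.
pdf_scan_disabled() {
    awk '
        { sub(/#.*/, "") }                 # strip comments before matching
        $1 == "ScanPDF" {
            seen = 1
            v = tolower($2)
            if (v != "no" && v != "false" && v != "0") enabled = 1
        }
        END { exit (seen && !enabled) ? 0 : 1 }
    ' "$1"
}

# audit VERSION CONF -> prints one verdict:
#   not-listed          version is not one the advisory names
#   affected-mitigated  listed version, PDF scanning disabled in CONF
#   affected-exposed    listed version, PDF scanning still enabled
audit() {
    if ! version_affected "$1"; then
        echo "not-listed"
    elif pdf_scan_disabled "$2"; then
        echo "affected-mitigated"
    else
        echo "affected-exposed"
    fi
}
```

A `not-listed` verdict only means the version is not one of the two this page names; it says nothing about other advisories.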
Fix
DoS
RCE
Out of bounds Read
Related Identifiers
Affected Products
Alt Linux
Clamav
Suse