PT-2019-15254 · Cisco+3 · Clamav+3

Published 2019-03-28 · Updated 2026-02-06 · CVE-2019-1787

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ClamAV Software versions 0.101.1 and prior

Description

A vulnerability in the Portable Document Format (PDF) scanning functionality could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The issue is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data. An attacker could exploit this by sending crafted PDF files to an affected device, potentially causing a heap buffer out-of-bounds read condition and resulting in a crash.

Recommendations

For ClamAV Software versions 0.101.1 and prior, update to a version later than 0.101.1 to resolve the issue. As a temporary workaround, consider restricting the handling of PDF files by the ClamAV software until a patch is available.

Exploit

Fix

DoS

Out of bounds Read

RCE

Related Identifiers

ALT-PU-2019-1538
CLEANSTART-2026-LA13761
CLEANSTART-2026-NJ87139
CLEANSTART-2026-TC95380
CLEANSTART-2026-WX01708
CVE-2019-1787
DLA-1759-1
MGASA-2019-0162
OPENSUSE-SU-2019:1210-1
OPENSUSE-SU-2019_1208-1
OPENSUSE-SU-2019_1210-1
OPENSUSE-SU-2020:2268-1
OPENSUSE-SU-2020:2276-1
OPENSUSE-SU-2020_2268-1
OPENSUSE-SU-2020_2276-1
OPENSUSE-SU-2024:10685-1
SUSE-SU-2019:0861-1
SUSE-SU-2019:0897-1
SUSE-SU-2019:14015-1
SUSE-SU-2019_0861-1
SUSE-SU-2019_0897-1
SUSE-SU-2019_14015-1
SUSE-SU-2020:3790-1
USN-3940-1
USN-3940-2

Affected Products

Alt Linux
Clamav
Suse
Ubuntu