PT-2019-1763 · Clam Antivirus+3 · Clamav+3

Published: 2019-03-26 · Updated: 2026-02-06 · CVE-2019-1788

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions

Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior

Description

A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The issue is due to a lack of proper input and validation checking mechanisms for OLE2 files sent to an affected device. An attacker could exploit this by sending malformed OLE2 files, potentially causing an out-of-bounds write condition and resulting in a crash that leads to a denial of service condition.

Recommendations

For ClamAV Software versions 0.101.1 and prior, consider updating to a version that addresses the OLE2 file scanning vulnerability to prevent potential denial of service conditions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1538
BDU:2019-01403
CLEANSTART-2026-LA13761
CLEANSTART-2026-NJ87139
CLEANSTART-2026-TC95380
CLEANSTART-2026-WX01708
CVE-2019-1788
DLA-1759-1
MGASA-2019-0162
OPENSUSE-SU-2019:1210-1
OPENSUSE-SU-2019_1208-1
OPENSUSE-SU-2019_1210-1
OPENSUSE-SU-2020:2268-1
OPENSUSE-SU-2020:2276-1
OPENSUSE-SU-2020_2268-1
OPENSUSE-SU-2020_2276-1
OPENSUSE-SU-2024:10685-1
SUSE-SU-2019:0861-1
SUSE-SU-2019:0897-1
SUSE-SU-2019:14015-1
SUSE-SU-2019_14015-1
SUSE-SU-2020:3790-1
USN-3940-1
USN-3940-2

Affected Products

Alt Linux
Clamav
Suse
Ubuntu