PT-2019-5068 · Cisco+3 · Clamav+3

David Fifield

·

Published

2019-08-12

·

Updated

2026-02-06

·

CVE-2019-12625

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions ClamAV versions prior to 0.101.3
Description The issue is related to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. It is also associated with incorrect cleanup or release of resources, which can be exploited by an attacker to cause a denial of service by sending specially crafted messages to the vulnerable system.
Recommendations For ClamAV versions prior to 0.101.3, update to version 0.101.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation. Avoid processing untrusted zip files until the issue is resolved.

Fix

DoS

Resource Exhaustion

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-404

Related Identifiers

ALT-PU-2019-2440
ALT-PU-2019-2444
ALT-PU-2019-2602
ALT-PU-2019-2613
BDU:2020-01710
CLEANSTART-2026-LA13761
CLEANSTART-2026-NJ87139
CLEANSTART-2026-TC95380
CLEANSTART-2026-WX01708
CVE-2019-12625
DLA-1953-1
DLA-1953-2
MGASA-2019-0328
OPENSUSE-SU-2019:2595-1
OPENSUSE-SU-2019:2597-1
OPENSUSE-SU-2019_2595-1
OPENSUSE-SU-2019_2597-1
OPENSUSE-SU-2020:2268-1
OPENSUSE-SU-2020:2276-1
OPENSUSE-SU-2020_2268-1
OPENSUSE-SU-2020_2276-1
OPENSUSE-SU-2024:10685-1
SUSE-SU-2019:14231-1
SUSE-SU-2019:3053-1
SUSE-SU-2019:3066-1
SUSE-SU-2019_14231-1
SUSE-SU-2019_3053-1
SUSE-SU-2019_3066-1
SUSE-SU-2020:3729-1
SUSE-SU-2020:3790-1
SUSE-SU-2020_3729-1
SUSE-SU-2020_3790-1
USN-4146-1
USN-4146-2

Affected Products

Alt Linux
Clamav
Suse
Ubuntu