{"id":"CVE-2019-1785","details":"A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.","modified":"2026-03-12T23:02:06.301733Z","published":"2019-04-08T19:29:05.433Z","related":["SUSE-SU-2020:3790-1","openSUSE-SU-2020:2268-1","openSUSE-SU-2020:2276-1","openSUSE-SU-2024:10685-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201904-12"},{"type":"REPORT","url":"https://bugzilla.clamav.net/show_bug.cgi?id=12284"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cisco-talos/clamav","events":[{"introduced":"0"},{"last_affected":"5ba88cab5122dda63ef2d3194c923a3f948966e5"},{"introduced":"0"},{"last_affected":"077cf7859080798aa2d51401b35fe3f5ff5d334f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.101.0"},{"introduced":"0"},{"last_affected":"0.101.1"}]}}],"versions":["clamav-0.101.0","clamav-0.96","clamav-0.96.2","clamav-0.96.3","clamav-0.96.4","clamav-0.96.5","clamav-0.96rc1","clamav-0.96rc2","clamav-0.97","clamav-0.97rc","clamav-0.98-dmgxar","clamav-0.99-beta1","merge-llvm-79908","merge-llvm-80601","merge-llvm-83242","merge-llvm-90002","merge-llvm-91214","merge-llvm-91428","merge-llvm-92222","merge-llvm-94539","merge-llvm-97877","r5076"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-1785.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}