{"id":"MGASA-2019-0162","summary":"Updated clamav packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities:\n\nA vulnerability in the Portable Document Format (PDF) scanning functionality\nof Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow\nan unauthenticated, remote attacker to cause a denial of service (DoS)\ncondition on an affected device. The vulnerability is due to a lack of\nproper data handling mechanisms within the device buffer while indexing\nremaining file data on an affected device. An attacker could exploit this\nvulnerability by sending crafted PDF files to an affected device. A\nsuccessful exploit could allow the attacker to cause a heap buffer\nout-of-bounds read condition, resulting in a crash that could result in a\ndenial of service condition on an affected device. (CVE-2019-1787)\n\nA vulnerability in the Object Linking & Embedding (OLE2) file scanning\nfunctionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior\ncould allow an unauthenticated, remote attacker to cause a denial of service\ncondition on an affected device. The vulnerability is due to a lack of\nproper input and validation checking mechanisms for OLE2 files sent to an\naffected device. An attacker could exploit this vulnerability by sending\nmalformed OLE2 files to the device running an affected version of ClamAV\nSoftware. An exploit could allow the attacker to cause an out-of-bounds\nwrite condition, resulting in a crash that could result in a denial of\nservice condition on an affected device. (CVE-2019-1788)\n\nAn out-of-bounds heap read condition when scanning PE files. (CVE-2019-1789)\n","modified":"2026-01-30T12:25:29.918392Z","published":"2019-05-12T09:35:33Z","related":["CVE-2019-1787","CVE-2019-1788","CVE-2019-1789"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0162.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=24704"},{"type":"REPORT","url":"https://usn.ubuntu.com/3940-1/"}],"affected":[{"package":{"name":"clamav","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/clamav?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.100.3-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0162.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}