CVE-2019-1786

Summary

CVE	CVE-2019-1786
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-04-08 19:29:00 UTC
Updated	2023-03-01 18:36:00 UTC
Description	A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Clamav	Clamav	0.101.0	All	All	All
Application	Clamav	Clamav	0.101.1	All	All	All
Application	Clamav	Clamav	0.101.0	All	All	All
Application	Clamav	Clamav	0.101.1	All	All	All

References

Reference	Source	Link	Tags
ClamAV: Multiple vulnerabilities (GLSA 201904-12) — Gentoo security	GENTOO	security.gentoo.org
12168 - oss-fuzz - OSS-Fuzz: Fuzzing the planet - Monorail	MISC	bugs.chromium.org	Mailing List, Third Party Advisory
12149 - oss-fuzz - OSS-Fuzz: Fuzzing the planet - Monorail	MISC	bugs.chromium.org	Mailing List, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

710172 Gentoo Linux ClamAV Multiple vulnerabilities (GLSA 201904-12)
750483 OpenSUSE Security Update for clamav (openSUSE-SU-2020:2276-1)
750485 OpenSUSE Security Update for clamav (openSUSE-SU-2020:2268-1)