CVE-2019-1786
Severity: 5.5 MEDIUM
EPSS: 3.7% (top 11.99%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 8
Latest update: May 14
Description
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 3 packages
🔴 Vulnerability Details (3)
GHSA: GHSA-gr4q-p783-ch2p: A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0 (2022-05-14)
OSV: CVE-2019-1786: A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0 (2019-04-08)
📋 Vendor Advisories (1)
Debian: CVE-2019-1786: clamav - A vulnerability in the Portable Document Format (PDF) scanning functionality of ... (2019)
💬 Community (3)
Bugzilla: CVE-2019-1786 clamav: out-of-bounds heap read condition when scanning malformed PDF results in improper bounds check (2019-04-04)
Bugzilla: CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [epel-all] (2019-04-04)
Bugzilla: CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [fedora-all] (2019-04-04)