CVE-2019-1787

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-1787
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-1787.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-1787
Downstream
Related
Published
2019-04-08T19:29:05.540Z
Modified
2026-04-11T12:19:55.813057Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "15.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpe": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "42.3"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/cisco-talos/clamav

Affected ranges

Type
GIT
Repo
https://github.com/cisco-talos/clamav
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
077cf7859080798aa2d51401b35fe3f5ff5d334f
Database specific 
{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.101.1"
        }
    ]
}

Affected versions

clamav-0.*
clamav-0.101.0
clamav-0.101.1
clamav-0.96
clamav-0.96.2
clamav-0.96.3
clamav-0.96.4
clamav-0.96.5
clamav-0.96rc1
clamav-0.96rc2
clamav-0.97
clamav-0.97rc
Other
merge-llvm-97877
r5076

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-1787.json"