CVE-2019-1789

ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.

References

https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

Affected packages

Git / github.com/cisco-talos/clamav

Affected ranges

Type

GIT

Repo

https://github.com/cisco-talos/clamav

Events

Introduced

Fixed

5e0e479ad2276414b624e4494ba27359dac9afcc

Database specific

{
    "cpe": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.101.2"
        }
    ]
}

Affected versions

clamav-0.*

clamav-0.101.0

clamav-0.101.1

clamav-0.96

clamav-0.96.2

clamav-0.96.3

clamav-0.96.4

clamav-0.96.5

clamav-0.96rc1

clamav-0.96rc2

clamav-0.97

clamav-0.97rc

Other

merge-llvm-97877

r5076

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-1789.json"