DEBIAN-CVE-2019-1785

Source
https://security-tracker.debian.org/tracker/CVE-2019-1785
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-1785.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2019-1785
Upstream
Published
2019-04-08T19:29:05Z
Modified
2025-09-25T23:23:59.331093Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.

References

Affected packages

Debian:11

clamav

Package

Name
clamav
Purl
pkg:deb/debian/clamav?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.101.2+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

libclamunrar

Package

Name
libclamunrar
Purl
pkg:deb/debian/libclamunrar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.101.2-1

Affected versions

0.*

0.95.1-1
0.95.2-1
0.95.3-1~volatile1
0.95.3-1
0.96-1
0.96-2~volatile1
0.96-2
0.96.4-1~volatile1
0.96.4-1
0.98.1-1
0.98.5-1
0.99-1
0.99-2
0.99-3
0.99-4
0.100.0-1
0.100.1-1
0.101.1-1
0.101.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12

clamav

Package

Name
clamav
Purl
pkg:deb/debian/clamav?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.101.2+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

libclamunrar

Package

Name
libclamunrar
Purl
pkg:deb/debian/libclamunrar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.101.2-1

Affected versions

0.*

0.95.1-1
0.95.2-1
0.95.3-1~volatile1
0.95.3-1
0.96-1
0.96-2~volatile1
0.96-2
0.96.4-1~volatile1
0.96.4-1
0.98.1-1
0.98.5-1
0.99-1
0.99-2
0.99-3
0.99-4
0.100.0-1
0.100.1-1
0.101.1-1
0.101.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13

clamav

Package

Name
clamav
Purl
pkg:deb/debian/clamav?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.101.2+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

libclamunrar

Package

Name
libclamunrar
Purl
pkg:deb/debian/libclamunrar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.101.2-1

Affected versions

0.*

0.95.1-1
0.95.2-1
0.95.3-1~volatile1
0.95.3-1
0.96-1
0.96-2~volatile1
0.96-2
0.96.4-1~volatile1
0.96.4-1
0.98.1-1
0.98.5-1
0.99-1
0.99-2
0.99-3
0.99-4
0.100.0-1
0.100.1-1
0.101.1-1
0.101.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14

clamav

Package

Name
clamav
Purl
pkg:deb/debian/clamav?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.101.2+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

libclamunrar

Package

Name
libclamunrar
Purl
pkg:deb/debian/libclamunrar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.101.2-1

Affected versions

0.*

0.95.1-1
0.95.2-1
0.95.3-1~volatile1
0.95.3-1
0.96-1
0.96-2~volatile1
0.96-2
0.96.4-1~volatile1
0.96.4-1
0.98.1-1
0.98.5-1
0.99-1
0.99-2
0.99-3
0.99-4
0.100.0-1
0.100.1-1
0.101.1-1
0.101.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}