[3.8] clamav: Multiple vulnerabilities (CVE-2019-1787, CVE-2019-1788, CVE-2019-1789)
CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data.
Fixed In Version:
ClamAV 0.100.3
Reference:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
CVE-2019-1788: An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32-bit integer to zero. This is likely to crash the application.
Fixed In Version:
ClamAV 0.100.3
Reference:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
CVE-2019-1789: An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking.
Fixed In Version:
ClamAV 0.100.3
Reference:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
(from redmine: issue id 10264, created on 2019-04-16, closed on 2019-04-18)
- Relations:
- parent #10251 (closed)
- Changesets:
- Revision 70381bbb on 2019-04-17T13:22:25Z:
main/clamav: security upgrade to 0.100.3
CVE-2019-1787, CVE-2019-1788, CVE-2019-1789
Fixes #10264
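
The bookkeeping named in the CVE-2019-1787 description, as an added illustration; it is not ClamAV's code or the upstream patch. The `cursor` type, its helpers and the `/Length` sample input are hypothetical: the read position and the remaining byte count only ever change together, so indexing cannot run past the end of a heap buffer that is not NUL-terminated.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical cursor: position and bytes remaining always move together. */
struct cursor {
    const unsigned char *p;
    size_t left;
};

/* Advance by n bytes; refuse (return 0) if fewer than n remain. */
static int cur_skip(struct cursor *c, size_t n)
{
    if (n > c->left)
        return 0;
    c->p += n;
    c->left -= n;
    return 1;
}

/* Find key inside the remaining bytes and leave the cursor just after it. */
static int cur_find(struct cursor *c, const char *key)
{
    size_t klen = strlen(key);
    while (c->left >= klen) {
        if (memcmp(c->p, key, klen) == 0)
            return cur_skip(c, klen);
        cur_skip(c, 1);
    }
    return 0;
}

/* Parse the decimal value after "/Length " in a constructed PDF-like
 * dictionary. Returns -1 when the key or its digits are not inside buf. */
long parse_length(const unsigned char *buf, size_t len)
{
    struct cursor c = { buf, len };
    long v = 0;
    size_t digits = 0;

    if (!cur_find(&c, "/Length "))
        return -1;
    while (c.left > 0 && *c.p >= '0' && *c.p <= '9' && digits < 9) {
        v = v * 10 + (*c.p - '0');
        cur_skip(&c, 1);
        digits++;
    }
    return digits ? v : -1;
}
```

Passing a length that cuts the sample off mid-value makes the parser stop at the boundary rather than read the bytes that follow it in memory.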