CVE-2019-1788
ClamAV OLE2 File Out-Of-Bounds Write Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device.
Una vulnerabilidad en la funcionalidad de análisis de archivos Object Linking & Embedding (OLE2) de las versiones 0.101.1 y anteriores del software Clam AntiVirus (ClamAV) podría permitir que un atacante remoto no autenticado cause una condición de denegación de servicio en un dispositivo afectado. La vulnerabilidad se debe a la falta de mecanismos adecuados de comprobación de entrada y validación de los archivos OLE2 enviados a un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad enviando archivos OLE2 malformados al dispositivo que ejecuta una versión afectada de ClamAV Software. Un exploit podría permitir al atacante causar una condición de escritura fuera de límites, resultando en un fallo que podría generar una condición de denegación de servicio en un dispositivo afectado.
It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2018-12-06 CVE Reserved
- 2019-03-27 CVE Published
- 2024-11-19 CVE Updated
- 2024-11-19 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2019/04/msg00019.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12166 | 2024-11-19 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00062.html | 2020-10-16 | |
| http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00064.html | 2020-10-16 | |
| https://security.gentoo.org/glsa/201904-12 | 2020-10-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Clamav Search vendor "Clamav" | Clamav Search vendor "Clamav" for product "Clamav" | <= 0.101.1 Search vendor "Clamav" for product "Clamav" and version " <= 0.101.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.0 Search vendor "Opensuse" for product "Leap" and version "15.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.3 Search vendor "Opensuse" for product "Leap" and version "42.3" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||