Debian Security Advisory
DLA-1759-1 clamav -- LTS security update
- Date Reported:
- 22 Apr 2019
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2019-1787, CVE-2019-1788, CVE-2019-1789.
- More information:
Out-of-bounds read and write conditions have been fixed in clamav.
An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data.
An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application.
An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking.
For Debian 8
Jessie, these problems have been fixed in version 0.100.3+dfsg-0+deb8u1.
We recommend that you upgrade your clamav packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS