Debian Security Advisory

DLA-1759-1 clamav -- LTS security update

Date Reported:
22 Apr 2019
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2019-1787, CVE-2019-1788, CVE-2019-1789.
More information:

Out-of-bounds read and write conditions have been fixed in clamav.

  • CVE-2019-1787

    An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data.

  • CVE-2019-1788

    An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application.

  • CVE-2019-1789

    An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking.

For Debian 8 Jessie, these problems have been fixed in version 0.100.3+dfsg-0+deb8u1.

We recommend that you upgrade your clamav packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: