[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1759-1] clamav security update



Package        : clamav
Version        : 0.100.3+dfsg-0+deb8u1
CVE ID         : CVE-2019-1787 CVE-2019-1788 CVE-2019-1789
Debian Bug     : 


Out-of-bounds read and write conditions have been fixed in clamav.

CVE-2019-1787

    An out-of-bounds heap read condition may occur when scanning PDF
    documents. The defect is a failure to correctly keep track of the number
    of bytes remaining in a buffer when indexing file data.

CVE-2019-1788

    An out-of-bounds heap write condition may occur when scanning OLE2 files
    such as Microsoft Office 97-2003 documents. The invalid write happens when
    an invalid pointer is mistakenly used to initialize a 32bit integer to
    zero. This is likely to crash the application.

CVE-2019-1789

    An out-of-bounds heap read condition may occur when scanning PE files
    (i.e. Windows EXE and DLL files) that have been packed using Aspack as a
    result of inadequate bound-checking.


For Debian 8 "Jessie", these problems have been fixed in version
0.100.3+dfsg-0+deb8u1.

We recommend that you upgrade your clamav packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature


Reply to: