CVE-2019-1788 - Out-of-bounds Write vulnerability in multiple products
Summary
A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent to an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to a device running an affected version of ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could lead to a denial of service condition on the affected device.
Nessus
- NASL family: Debian Local Security Checks
  - NASL id: DEBIAN_DLA-1759.NASL
  - description: Out-of-bounds read and write conditions have been fixed in clamav.
    - CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data.
    - CVE-2019-1788: An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application.
    - CVE-2019-1789: An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking.
    - For Debian 8
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 124217
  - published: 2019-04-23
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/124217
  - title: Debian DLA-1759-1 : clamav security update
- NASL family: SuSE Local Security Checks
  - NASL id: SUSE_SU-2019-0861-1.NASL
  - description: This update for clamav to version 0.100.3 fixes the following issues. Security issues fixed (bsc#1130721):
    - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents.
    - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files).
    - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents.
    - Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 123749
  - published: 2019-04-04
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/123749
  - title: SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2019:0861-1)
- NASL family: Amazon Linux Local Security Checks
  - NASL id: ALA_ALAS-2019-1213.NASL
  - description:
    - An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data. (CVE-2019-1787)
    - An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking. (CVE-2019-1789)
    - An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application. (CVE-2019-1788)
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 125295
  - published: 2019-05-21
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/125295
  - title: Amazon Linux AMI : clamav (ALAS-2019-1213)
- NASL family: Ubuntu Local Security Checks
  - NASL id: UBUNTU_USN-3940-1.NASL
  - description:
    - It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1787)
    - It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-1788)
    - It was discovered that ClamAV incorrectly handled scanning certain PE files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2019-1789)
    - Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 123932
  - published: 2019-04-09
  - reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/123932
  - title: Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : clamav vulnerabilities (USN-3940-1)
- NASL family: SuSE Local Security Checks
  - NASL id: SUSE_SU-2019-14015-1.NASL
  - description: This update for clamav to version 0.100.3 fixes the following issues. Security issues fixed (bsc#1130721):
    - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents.
    - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files).
    - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents.
    - Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 123972
  - published: 2019-04-10
  - reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/123972
  - title: SUSE SLES11 Security Update : clamav (SUSE-SU-2019:14015-1)
- NASL family: SuSE Local Security Checks
  - NASL id: SUSE_SU-2019-0897-1.NASL
  - description: This update for clamav to version 0.100.3 fixes the following issues. Security issues fixed (bsc#1130721):
    - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents.
    - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files).
    - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents.
    - Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 123923
  - published: 2019-04-09
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/123923
  - title: SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2019:0897-1)
- NASL family: Gentoo Local Security Checks
  - NASL id: GENTOO_GLSA-201904-12.NASL
  - description: The remote host is affected by the vulnerability described in GLSA-201904-12 (ClamAV: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.
    - Impact: Please review the referenced CVE identifiers for details.
    - Workaround: There is no known workaround at this time.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 123984
  - published: 2019-04-11
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/123984
  - title: GLSA-201904-12 : ClamAV: Multiple vulnerabilities
- NASL family: SuSE Local Security Checks
  - NASL id: OPENSUSE-2019-1208.NASL
  - description: This update for clamav to version 0.100.3 fixes the following issues. Security issues fixed (bsc#1130721):
    - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents.
    - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files).
    - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents.
    - This update was imported from the SUSE:SLE-12:Update update project.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 124101
  - published: 2019-04-17
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/124101
  - title: openSUSE Security Update : clamav (openSUSE-2019-1208)
- NASL family: SuSE Local Security Checks
  - NASL id: OPENSUSE-2019-1210.NASL
  - description: This update for clamav to version 0.100.3 fixes the following issues. Security issues fixed (bsc#1130721):
    - CVE-2019-1787: Fixed an out-of-bounds heap read condition which may occur when scanning PDF documents.
    - CVE-2019-1789: Fixed an out-of-bounds heap read condition which may occur when scanning PE files (i.e. Windows EXE and DLL files).
    - CVE-2019-1788: Fixed an out-of-bounds heap write condition which may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents.
    - This update was imported from the SUSE:SLE-15:Update update project.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 124103
  - published: 2019-04-17
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/124103
  - title: openSUSE Security Update : clamav (openSUSE-2019-1210)
- NASL family: FreeBSD Local Security Checks
  - NASL id: FREEBSD_PKG_84CE26C3576911E9ABD6001B217B3468.NASL
  - description: Clamav reports:
    - An out-of-bounds heap read condition may occur when scanning PDF documents
    - An out-of-bounds heap read condition may occur when scanning PE files
    - An out-of-bounds heap write condition may occur when scanning OLE2 files
    - An out-of-bounds heap read condition may occur when scanning malformed PDF documents
    - A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives
    - A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 123809
  - published: 2019-04-08
  - reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/123809
  - title: FreeBSD : clamav -- multiple vulnerabilities (84ce26c3-5769-11e9-abd6-001b217b3468)
References
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00062.html
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00064.html
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12166
- https://lists.debian.org/debian-lts-announce/2019/04/msg00019.html
- https://security.gentoo.org/glsa/201904-12