VDB
CVE-2019-1798
CVE-2019-1798
REJECTED
A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
EPSS 1.58% · 81.9th percentile
Risk Scores
EPSS Score
1.58%
81.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | libclamunrar | 0, 0.99-4ubuntu1 |
| Ubuntu:14.04:LTS | clamav | 0.100.2+dfsg-1ubuntu0.14.04.1, 0.100.1+dfsg-1ubuntu0.14.04.4, 0.100.1+dfsg-1ubuntu0.14.04.3 |
| Ubuntu:16.04:LTS | libclamunrar | 0.98.5-1, 0, 0.99-1 |
| Ubuntu:14.04:LTS | libclamunrar | 0.99-0ubuntu0.14.04.2, 0.99-0ubuntu0.14.04.1, 0.96.4-1ubuntu1 |
| Ubuntu:18.04:LTS | clamav | 0.99.3~beta1+dfsg-2ubuntu1, 0.99.2+dfsg-6ubuntu2, 0 |
| Ubuntu:16.04:LTS | clamav | 0.100.1+dfsg-1ubuntu0.16.04.3, 0.100.1+dfsg-1ubuntu0.16.04.1, 0.99.3+addedllvm-0ubuntu0.16.04.1 |
Exploit Intelligence
Timeline
- Apr 8, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-1798 third-party-advisory
- https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-1798 third-party-advisory