Index: vuln.xml =================================================================== --- vuln.xml (revision 496920) +++ vuln.xml (working copy) @@ -58,6 +58,48 @@ * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + clamav -- multiple vulnerabilities + + + clamav + 0.101.2,1 + + + clamav-milter + 0.101.2,1 + + + + +

Micah Snyder reports:

+
+
    +
  • CVE-2019-1785: A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives. Issue reported by aCaB.
  • +
  • CVE-2019-1786: An out-of-bounds heap read condition may occur when scanning malformed PDF documents as a result of improper bounds-checking
  • +
  • CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data.
  • +
  • CVE-2019-1788: An out-of-bounds heap write condition may occur when scanning OLE2 files such as Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly used to initialize a 32bit integer to zero. This is likely to crash the application.
  • +
  • CVE-2019-1789: An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files) that have been packed using Aspack as a result of inadequate bound-checking.
  • +
  • CVE-2019-1798: A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives. Issue reported by David L.
  • +
+
+ +
+ + https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html + CVE-2019-1785 + CVE-2019-1786 + CVE-2019-1787 + CVE-2019-1788 + CVE-2019-1789 + CVE-2019-1798 + + + 2019-03-26 + 2019-03-26 + +
+ Python -- NULL pointer dereference vulnerability
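Review bot: In the package list of the new clamav entry, only clamav and clamav-milter are given a range, both bounded at 0.101.2,1, while the context comment at the top of the hunk says "Do not forget port variants". Please confirm that no other port shipping the same scanner code needs its own package entry here. The reference URL names both the 0.101.2 and 0.100.3 patch releases, so it is also worth checking that a single bound at 0.101.2,1 is correct for what the ports tree carries, and that the ",1" epoch matches the port. Minor: the CVE-2019-1786 item is the only one in the list without a closing period; if the text is quoted verbatim from the upstream advisory leave it, otherwise add the period.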