[3.6] clamav: Multiple vulnerabilities (CVE-2019-1787, CVE-2019-1788, CVE-2019-1789)

CVE-2019-1787: An out-of-bounds heap read condition may occur when scanning PDF documents. The defect
is a failure to correctly keep track of the number of bytes remaining in a buffer when indexing file data.

Fixed In Version:

ClamAV 0.100.3

Reference:

https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

CVE-2019-1788: An out-of-bounds heap write condition may occur when scanning OLE2 files such as
Microsoft Office 97-2003 documents. The invalid write happens when an invalid pointer is mistakenly
used to initialize a 32bit integer to zero. This is likely to crash the application.

Fixed In Version:

ClamAV 0.100.3

Reference:

https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

CVE-2019-1789: An out-of-bounds heap read condition may occur when scanning PE files (i.e. Windows EXE and DLL files)
that have been packed using Aspack as a result of inadequate bound-checking.

Fixed In Version:

ClamAV 0.100.3

Reference:

https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

(from redmine: issue id 10266, created on 2019-04-16, closed on 2019-04-18)

Relations:
- parent #10261 (closed)
Changesets:
- Revision b956a66c on 2019-04-17T14:02:14Z:

main/clamav: security upgrade to 0.100.3

CVE-2019-1787, CVE-2019-1788, CVE-2019-1789

Fixes #10266

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information