CVE-2007-1997
7.4 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.203 Low
EPSS
Percentile
96.3%
Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.
References
docs.info.apple.com/article.html?artnum=307562
labs.idefense.com/intelligence/vulnerabilities/display.php?id=513
lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
secunia.com/advisories/24891
secunia.com/advisories/24920
secunia.com/advisories/24946
secunia.com/advisories/24996
secunia.com/advisories/25022
secunia.com/advisories/25028
secunia.com/advisories/25189
secunia.com/advisories/29420
security.gentoo.org/glsa/glsa-200704-21.xml
sourceforge.net/project/shownotes.php?release_id=500765
support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html
www.debian.org/security/2007/dsa-1281
www.mandriva.com/security/advisories?name=MDKSA-2007:098
www.novell.com/linux/security/advisories/2007_26_clamav.html
www.securityfocus.com/bid/23473
www.securitytracker.com/id?1017921
www.trustix.org/errata/2007/0013/
www.vupen.com/english/advisories/2007/1378
www.vupen.com/english/advisories/2008/0924/references
exchange.xforce.ibmcloud.com/vulnerabilities/33637
Social References
More
Related
7.4 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.203 Low
EPSS
Percentile
96.3%