Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2007-1997HistoryApr 16, 2007 - 9:19 p.m.
CVE-2007-1997
2007-04-1621:19:00
Debian Security Bug Tracker
security-tracker.debian.org
13
0.203 Low
EPSS
Percentile
96.3%
Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | clamav | < 0.90.2-1 | clamav_0.90.2-1_all.deb |
| Debian | 11 | all | clamav | < 0.90.2-1 | clamav_0.90.2-1_all.deb |
| Debian | 10 | all | clamav | < 0.90.2-1 | clamav_0.90.2-1_all.deb |
| Debian | 999 | all | clamav | < 0.90.2-1 | clamav_0.90.2-1_all.deb |
| Debian | 13 | all | clamav | < 0.90.2-1 | clamav_0.90.2-1_all.deb |
Related
securityvulns
securityvulns
[Full-disclosure] iDefense Security Advisory 04.16.07: ClamAV CAB File Unstore Buffer Overflow Vulnerability
2007-04-16 00:00:00
ClamAV antivirus multiple vulnerabilities
2007-04-16 00:00:00
prion
prion
Integer overflow
2007-04-16 21:19:00
cve
cve
CVE-2007-1997
2007-04-16 21:19:00
suse
suse
remote code execution in clamav
2007-04-20 15:53:51
nessus
nessus
SuSE 10 Security Update : clamav (ZYPP Patch Number 3081)
2007-12-13 00:00:00
GLSA-200704-21 : ClamAV: Multiple vulnerabilities
2007-04-30 00:00:00
openSUSE 10 Security Update : clamav (clamav-3080)
2007-10-17 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200704-21 (ClamAV)
2008-09-24 00:00:00
SLES9: Security update for clamav
2009-10-10 00:00:00
SLES9: Security update for clamav
2009-10-10 00:00:00
gentoo
gentoo
ClamAV: Multiple vulnerabilities
2007-04-24 00:00:00
osv
osv
clamav - several vulnerabilities
2007-04-25 00:00:00
debian
debian
[SECURITY] [DSA 1281-1] New clamav packages fix several vulnerabilities
2007-04-25 00:00:00