CVE-2007-1997

Опубликовано: 16 апр. 2007

Источник: nvd

CVSS2: 7.5

EPSS Средний

Описание

Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.11454

Средний

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2007-1997

debian

больше 18 лет назад

Integer signedness error in the (1) cab_unstore and (2) cab_extract fu ...

GHSA-p592-g5c7-x7w6

github

больше 3 лет назад