CVE-2007-1745 — Anti-virus Clamav vulnerability

8 documents7 sources

Severity

7.1HIGHNVD

CNA7.5OSV7.5

EPSS

2.2%

top 15.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Clam Anti-virus Clamav Ifenslave

Timeline

PublishedApr 16

Latest updateMay 1

Description

The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages3 packages

▶Debianclamav/clamav< 0.90.2-1+3

▶NVDclam_anti-virus/clamav0.90.1

▶NVDifenslave/ifenslave0.88

🔴Vulnerability Details

GHSA

GHSA-q5hh-756j-4676: The chm_decompress_stream function in libclamav/chmunpack↗2022-05-01

▶

OSV

CVE-2007-1745: The chm_decompress_stream function in libclamav/chmunpack↗2007-04-16

▶

CVEList

CVE-2007-1745: The chm_decompress_stream function in libclamav/chmunpack↗2007-04-16

▶

💥Exploits & PoCs

Exploit-DB

XOOPS Module wiwimod 0.4 - Remote File Inclusion↗2007-06-20

▶

📋Vendor Advisories

Debian

CVE-2007-1745: clamav - The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (C...↗2007

▶

💬Community

Bugzilla

CVE-2007-1745: clamav < 0.90.2 chm unpack issue↗2007-04-18

▶

Bugzilla

possible vulnerabilities CVE-2007-1745↗2007-04-17

▶