cbcvebase.
CVE-2007-1745
published 2007-04-16

CVE-2007-1745: The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and…

PriorityP420high7.1CVSS 2.0
AVNACMAuNCNINAC
EPSS
2.33%
81.4th percentile
The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.

Affected

7 ranges
VendorProductVersion rangeFixed in
clam_anti-virusclamav<= 0.90.1
clamavclamav>= 0 < 0.90.2-10.90.2-1
clamavclamav>= 0 < 0.90.2-10.90.2-1
clamavclamav>= 0 < 0.90.2-10.90.2-1
clamavclamav>= 0 < 0.90.2-10.90.2-1
debianclamav< clamav 0.90.2-1 (bookworm)clamav 0.90.2-1 (bookworm)
ifenslaveifenslave

CVSS provenance

nvdv2.07.1HIGHAV:N/AC:M/Au:N/C:N/I:N/A:C
osv7.5HIGH
vendor_debian7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.