CVE-2007-1745
published 2007-04-16CVE-2007-1745: The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and…
PriorityP420high7.1CVSS 2.0
AVNACMAuNCNINAC
EPSS
2.33%
81.4th percentile
The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clam_anti-virus | clamav | <= 0.90.1 | — |
| clamav | clamav | >= 0 < 0.90.2-1 | 0.90.2-1 |
| clamav | clamav | >= 0 < 0.90.2-1 | 0.90.2-1 |
| clamav | clamav | >= 0 < 0.90.2-1 | 0.90.2-1 |
| clamav | clamav | >= 0 < 0.90.2-1 | 0.90.2-1 |
| debian | clamav | < clamav 0.90.2-1 (bookworm) | clamav 0.90.2-1 (bookworm) |
| ifenslave | ifenslave | — | — |
CVSS provenance
nvdv2.07.1HIGHAV:N/AC:M/Au:N/C:N/I:N/A:C
osv7.5HIGH
vendor_debian7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q5hh-756j-4676: The chm_decompress_stream function in libclamav/chmunpack
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-1745 [HIGH] GHSA-q5hh-756j-4676: The chm_decompress_stream function in libclamav/chmunpack
The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.
OSV
CVE-2007-1745: The chm_decompress_stream function in libclamav/chmunpack
osv·2007-04-16·CVSS 7.5
CVE-2007-1745 [HIGH] CVE-2007-1745: The chm_decompress_stream function in libclamav/chmunpack
The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.
Debian
CVE-2007-1745: clamav - The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (C...
vendor_debian·2007·CVSS 7.5
CVE-2007-1745 [HIGH] CVE-2007-1745: clamav - The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (C...
The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.
Scope: local
bookworm: resolved (fixed in 0.90.2-1)
bullseye: resolved (fixed in 0.90.2-1)
forky: resolved (fixed in 0.90.2-1)
sid: resolved (fixed in 0.90.2-1)
trixie: resolved (fixed in 0.90.2-1)
No detection rules found.
Bugzilla
CVE-2007-1745: clamav < 0.90.2 chm unpack issue
bugzilla·2007-04-18·CVSS 7.5
CVE-2007-1745 [HIGH] CVE-2007-1745: clamav < 0.90.2 chm unpack issue
CVE-2007-1745: clamav < 0.90.2 chm unpack issue
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1745
"The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus
(ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and
attack vectors involving a crafted CHM file, a different vulnerability than
CVE-2007-0897. NOTE: some of these details are obtained from third party
information."
CVE-2007-1997 appears to be somewhat related and is said to affect 0.9x versions
before 0.90.2 only, however for this CVE I didn't find anything that would say
0.88.7 currently in FE5 and FE6 wouldn't be affected.
Discussion:
*** This bug has been marked as a duplicate of 236703 ***
Bugzilla
possible vulnerabilities CVE-2007-1745
bugzilla·2007-04-17·CVSS 7.5
CVE-2007-1745 [HIGH] possible vulnerabilities CVE-2007-1745
possible vulnerabilities CVE-2007-1745
See http://sourceforge.net/project/shownotes.php?release_id=500765
and http://www.heise-security.co.uk/news/88283
for more details.
The update to 0.90.2 will fix it.
Discussion:
Copy from bug #230075 comment #35:
----
0.88.7-2 should not be vulnerable to the issues fixed by 0.90.2.
CHM fd leak does not seem to triggerable by attackers (happens only when an
'fdopen()' fails, and there is a test whether open(2) returns !0 instead of <0).
0.90.x executes other code which might lead to the fd leak.
CAB scanning was disabled by the fix for CVE-2007-0897, and 0.88.7 does not
contain code for PDF scanning overall.
---
*** Bug 236948 has been marked as a duplicate of this bug. ***
http://docs.info.apple.com/article.html?artnum=307562http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.htmlhttp://osvdb.org/34913http://secunia.com/advisories/24891http://secunia.com/advisories/24920http://secunia.com/advisories/24946http://secunia.com/advisories/24996http://secunia.com/advisories/25022http://secunia.com/advisories/25028http://secunia.com/advisories/25189http://secunia.com/advisories/29420http://security.gentoo.org/glsa/glsa-200704-21.xmlhttp://sourceforge.net/project/shownotes.php?release_id=500765http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.htmlhttp://www.debian.org/security/2007/dsa-1281http://www.mandriva.com/security/advisories?name=MDKSA-2007:098http://www.novell.com/linux/security/advisories/2007_26_clamav.htmlhttp://www.securityfocus.com/bid/23473http://www.trustix.org/errata/2007/0013/http://www.vupen.com/english/advisories/2007/1378http://www.vupen.com/english/advisories/2008/0924/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/33636http://docs.info.apple.com/article.html?artnum=307562http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.htmlhttp://osvdb.org/34913http://secunia.com/advisories/24891http://secunia.com/advisories/24920http://secunia.com/advisories/24946http://secunia.com/advisories/24996http://secunia.com/advisories/25022http://secunia.com/advisories/25028http://secunia.com/advisories/25189http://secunia.com/advisories/29420http://security.gentoo.org/glsa/glsa-200704-21.xmlhttp://sourceforge.net/project/shownotes.php?release_id=500765http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.htmlhttp://www.debian.org/security/2007/dsa-1281http://www.mandriva.com/security/advisories?name=MDKSA-2007:098http://www.novell.com/linux/security/advisories/2007_26_clamav.htmlhttp://www.securityfocus.com/bid/23473http://www.trustix.org/errata/2007/0013/http://www.vupen.com/english/advisories/2007/1378http://www.vupen.com/english/advisories/2008/0924/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/33636
2007-04-16
Published