CVE-2007-1997Numeric Range Comparison Without Minimum Check in Anti-virus Clamav

8 documents7 sources
Severity
7.5HIGHNVD
EPSS
11.9%
top 6.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ClamavClam Anti-virus Clamav
Timeline
PublishedApr 16
Latest updateMay 1

Description

Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Debianclamav/clamav< 0.90.2-1+3
NVDclam_anti-virus/clamav6 versions+5

Patches

Patch: secunia.comPatch: sourceforge.netPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-p592-g5c7-x7w6: Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab2022-05-01
OSV
CVE-2007-1997: Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab2007-04-16
CVEList
CVE-2007-1997: Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab2007-04-16

💥Exploits & PoCs

2
Exploit-DB
PHP 5.2.5 - Multiple GetText functions Denial of Service Vulnerabilities2007-11-13
Exploit-DB
VCDGear 3.56 Build 050213 - 'FILE' Local Code Execution2007-04-13

📋Vendor Advisories

1
Debian
CVE-2007-1997: clamav - Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in...2007

💬Community

1
Bugzilla
CVE-2007-1745: clamav < 0.90.2 chm unpack issue2007-04-18
CVE-2007-1997 — Clam Anti-virus Clamav vulnerability | cvebase