CVE-2007-2966

CWE-119 — Buffer Overflow3 documents3 sources

Severity

7.5HIGH

EPSS

6.0%

top 9.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F-secure F-secure Anti-virus F-secure F-secure Anti-virus Client Security F-secure F-secure Anti-virus Linux Client Security +4 more

Timeline

PublishedMay 31

Latest updateMay 1

Description

Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages7 packages

▶NVDf-secure/f-secure_anti-virus_linux5.30

▶NVDf-secure/f-secure_anti-virus_linux_client_security5.30

▶NVDf-secure/f-secure_anti-virus4.65+8

▶NVDf-secure/f-secure_anti-virus_client_security6.03

▶NVDf-secure/f-secure_protection_service6.40

Patches

Patch: secunia.com ↗Patch: www.f-secure.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-4mrv-mjwm-cjf7: Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attac↗2022-05-01

▶

CVEList

CVE-2007-2966: Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attac↗2007-05-31

▶