CVE-2007-2967

CWE-20 — Improper Input Validation3 documents3 sources

Severity

10.0CRITICAL

EPSS

10.7%

top 6.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F-secure F-secure Anti-virus F-secure F-secure Anti-virus Client Security F-secure F-secure Anti-virus Linux Client Security +4 more

Timeline

PublishedMay 31

Latest updateMay 1

Description

Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages7 packages

▶NVDf-secure/f-secure_anti-virus_linux5.30

▶NVDf-secure/f-secure_anti-virus_linux_client_security5.30

▶NVDf-secure/f-secure_anti-virus4.65+8

▶NVDf-secure/f-secure_anti-virus_client_security6.03

▶NVDf-secure/f-secure_protection_service6.40

Patches

Patch: www.f-secure.com ↗Patch: www.f-secure.com ↗

🔴Vulnerability Details

GHSA

GHSA-j5hx-5prc-g52j: Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanni↗2022-05-01

▶

CVEList

CVE-2007-2967: Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanni↗2007-05-31

▶