CVE-2007-2972

3 documents3 sources

Severity

7.8HIGH

EPSS

2.6%

top 14.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Avira Antivir Avira AV Pack

Timeline

PublishedJun 1

Latest updateMay 1

Description

The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDavira/antivir7.04.00.23

▶NVDavira/av_pack7.03.00.08

Patches

Patch: forum.antivir-pe.de ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-fmjp-wxp5-gjh3: The file parsing engine in Avira Antivir Antivirus before 7↗2022-05-01

▶

CVEList

CVE-2007-2972: The file parsing engine in Avira Antivir Antivirus before 7↗2007-06-01

▶