CVE-2007-5497 — Integer Overflow or Wraparound in Filesystems Utilities E2fsprogs

CWE-189 CWE-190 — Integer Overflow or Wraparound12 documents8 sources

Severity

5.8MEDIUMNVD

EPSS

3.0%

top 13.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

E2fsprogs Project E2fsprogs Ext2 Filesystems Utilities E2fsprogs

Timeline

PublishedDec 7

Latest updateMay 1

Description

Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶NVDext2_filesystems_utilities/e2fsprogs1.40.2+40

▶Debiane2fsprogs_project/e2fsprogs< 1.40.3-1+3

🔴Vulnerability Details

GHSA

GHSA-r9pv-wqv4-69wf: Multiple integer overflows in libext2fs in e2fsprogs before 1↗2022-05-01

▶

CVEList

CVE-2007-5497: Multiple integer overflows in libext2fs in e2fsprogs before 1↗2007-12-07

▶

OSV

CVE-2007-5497: Multiple integer overflows in libext2fs in e2fsprogs before 1↗2007-12-07

▶

📋Vendor Advisories

Ubuntu

e2fsprogs vulnerability↗2007-12-08

▶

Red Hat

e2fsprogs multiple integer overflows↗2007-12-05

▶

Debian

CVE-2007-5497: e2fsprogs - Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-as...↗2007

▶

💬Community

Bugzilla

CVE-2007-5497 e2fsprogs multiple integer overflows [F8]↗2007-12-06

▶

Bugzilla

CVE-2007-5497 e2fsprogs multiple integer overflows [F6]↗2007-12-06

▶

Bugzilla

CVE-2007-5497 e2fsprogs multiple integer overflows [F7]↗2007-12-06

▶

Bugzilla

CVE-2007-5497 e2fsprogs multiple integer overflows [Fdevel]↗2007-12-06

▶

Bugzilla

CVE-2007-5497 e2fsprogs multiple integer overflows↗2007-11-28

▶