CVE-2007-6029 — Code Injection in Anti-virus Clamav

CWE-94 — Code Injection5 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.9%

top 16.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clam Anti-virus Clamav

Timeline

PublishedNov 20

Latest updateMay 1

Description

Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDclam_anti-virus/clamav0.91.1, 0.91.2+1

🔴Vulnerability Details

GHSA

GHSA-qhrg-96c8-3v5f: Unspecified vulnerability in ClamAV 0↗2022-05-01

▶

CVEList

CVE-2007-6029: Unspecified vulnerability in ClamAV 0↗2007-11-20

▶

📋Vendor Advisories

Red Hat

clamav code execution via unspecified vulnerability↗2007-11-15

▶

💬Community

Bugzilla

CVE-2007-6029 clamav code execution via unspecified vulnerability↗2007-11-20

▶