OpenCVE

The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Clam Anti-virus	Clamav
Ifenslave	Ifenslave

Configuration 1 [-]

OR	cpe:2.3:a:clam_anti-virus:clamav::::::::
	cpe:2.3:a:ifenslave:ifenslave:0.88:::::::*

No data.

References

Link	Providers
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://osvdb.org/34913
http://secunia.com/advisories/24891
http://secunia.com/advisories/24920
http://secunia.com/advisories/24946
http://secunia.com/advisories/24996
http://secunia.com/advisories/25022
http://secunia.com/advisories/25028
http://secunia.com/advisories/25189
http://secunia.com/advisories/29420
http://security.gentoo.org/glsa/glsa-200704-21.xml
http://sourceforge.net/project/shownotes.php?release_id=500765
http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html
http://www.debian.org/security/2007/dsa-1281
http://www.mandriva.com/security/advisories?name=MDKSA-2007:098
http://www.novell.com/linux/security/advisories/2007_26_clamav.html
http://www.securityfocus.com/bid/23473
http://www.trustix.org/errata/2007/0013/
http://www.vupen.com/english/advisories/2007/1378
http://www.vupen.com/english/advisories/2008/0924/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/33636

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-16T21:00:00

Updated: 2024-08-07T13:06:26.233Z

Reserved: 2007-03-29T00:00:00

Link: CVE-2007-1745

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-04-16T21:19:00.000

Modified: 2017-07-29T01:30:57.797

Link: CVE-2007-1745

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "25022", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25022"}, {"name": "34913", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34913"}, {"name": "2007-0013", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2007/0013/"}, {"name": "23473", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23473"}, {"name": "24996", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24996"}, {"name": "MDKSA-2007:098", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"}, {"name": "ADV-2008-0924", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "SUSE-SA:2007:026", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"}, {"name": "29420", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29420"}, {"name": "APPLE-SA-2008-03-18", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"name": "25189", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25189"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "clamav-chmdecompressstream-dos(33636)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33636"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=500765"}, {"name": "ADV-2007-1378", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1378"}, {"name": "25028", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25028"}, {"name": "GLSA-200704-21", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"}, {"name": "24946", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24946"}, {"name": "DSA-1281", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1281"}, {"name": "24920", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24920"}, {"name": "24891", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24891"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1745", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "25022", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25022"}, {"name": "34913", "refsource": "OSVDB", "url": "http://osvdb.org/34913"}, {"name": "2007-0013", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0013/"}, {"name": "23473", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23473"}, {"name": "24996", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24996"}, {"name": "MDKSA-2007:098", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"}, {"name": "ADV-2008-0924", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "SUSE-SA:2007:026", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"}, {"name": "29420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29420"}, {"name": "APPLE-SA-2008-03-18", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"name": "25189", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25189"}, {"name": "http://docs.info.apple.com/article.html?artnum=307562", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "clamav-chmdecompressstream-dos(33636)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33636"}, {"name": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html", "refsource": "CONFIRM", "url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=500765", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=500765"}, {"name": "ADV-2007-1378", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1378"}, {"name": "25028", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25028"}, {"name": "GLSA-200704-21", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"}, {"name": "24946", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24946"}, {"name": "DSA-1281", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1281"}, {"name": "24920", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24920"}, {"name": "24891", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24891"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:06:26.233Z"}, "title": "CVE Program Container", "references": [{"name": "25022", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25022"}, {"name": "34913", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/34913"}, {"name": "2007-0013", "tags": ["vendor-advisory", "x_refsource_TRUSTIX", "x_transferred"], "url": "http://www.trustix.org/errata/2007/0013/"}, {"name": "23473", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23473"}, {"name": "24996", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24996"}, {"name": "MDKSA-2007:098", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"}, {"name": "ADV-2008-0924", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "SUSE-SA:2007:026", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"}, {"name": "29420", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29420"}, {"name": "APPLE-SA-2008-03-18", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"name": "25189", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25189"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "clamav-chmdecompressstream-dos(33636)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33636"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=500765"}, {"name": "ADV-2007-1378", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1378"}, {"name": "25028", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25028"}, {"name": "GLSA-200704-21", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"}, {"name": "24946", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24946"}, {"name": "DSA-1281", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1281"}, {"name": "24920", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24920"}, {"name": "24891", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24891"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1745", "datePublished": "2007-04-16T21:00:00", "dateReserved": "2007-03-29T00:00:00", "dateUpdated": "2024-08-07T13:06:26.233Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E081044-20D3-4960-8BAB-6F29092634AC", "versionEndIncluding": "0.90.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ifenslave:ifenslave:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "91523617-C25A-416A-89AD-C9358CDD68FA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "La funci\u00f3n chm_decompress_stream en libclamav/chmunpack.c de Clam AntiVirus (ClamAV) anterior a 0.90.2 filtra descriptores de fichero, lo cual tiene impacto y vectores de ataque desconocidos relacionados con un archivo CHM manipulado, una vulnerabilidad distinta de CVE-2007-0897. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."}], "id": "CVE-2007-1745", "lastModified": "2017-07-29T01:30:57.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-16T21:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/34913"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24891"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24920"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24946"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24996"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25022"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25028"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25189"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29420"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=500765"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1281"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23473"}, {"source": "cve@mitre.org", "url": "http://www.trustix.org/errata/2007/0013/"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1378"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33636"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}