CVE Reference: CVE-2007-1745

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2007-1745

Description:
The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/33636

TRUSTIX
  http://www.trustix.org/errata/2007/0013/

SUSE
  http://www.novell.com/linux/security/advisories/2007_26_clamav.html

SAID
  Secunia Advisory: SA25022
  Secunia Advisory: SA24996
  Secunia Advisory: SA24946
  Secunia Advisory: SA24891
  Secunia Advisory: SA24920
  Secunia Advisory: SA25028
  Secunia Advisory: SA25189
  Secunia Advisory: SA29420

OSVDB
  34913

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDKSA-2007:098

GENTOO
  http://security.gentoo.org/glsa/glsa-200704-21.xml

DEBIAN
  http://www.debian.org/security/2007/dsa-1281

CONFIRM
  http://docs.info.apple.com/article.html?artnum=307562
  http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html
  http://sourceforge.net/project/shownotes.php?release_id=500765

BID
  23473

APPLE
  http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html


Return to the previous page.