CVSS: 7.8EPSS: 5%CPEs: 37EXPL: 0CVE-2007-4577
https://notcve.org/view.php?id=CVE-2007-4577
28 Aug 2007 — Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb"). Sophos Anti-Virus para Unix/Linux anterior a 2.48.0 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante un archivo BZip mal formado que resulta en la creación de múltiples ficheros Engine temporales (también conocida como "bomba BZip"). • http://secunia.com/advisories/26580 • CWE-399: Resource Management Errors •
CVSS: 8.4EPSS: 8%CPEs: 37EXPL: 0CVE-2007-4578
https://notcve.org/view.php?id=CVE-2007-4578
28 Aug 2007 — Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable. Sophos Anti-Virus para Windows y para Unix/Linux anterior a 2.48.0 permite a atacantes remotos provocar una denegación de servicio (caída) y pos... • http://secunia.com/advisories/26580 • CWE-189: Numeric Errors •