CVE-2007-6337

Mandriva Linux Security Advisory 2008-003

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.

Vulnerabilidad no especificada en el algoritmo de descompresión bzip2 en nsis/bzlib_private.h de ClamAV anterior a 0.92 tiene impacto y vectores de ataque remotos desconocidos.

iDefense reported an integer overflow vulnerability in the cli_scanpe() function when parsing Portable Executable (PE) files packed in the MEW format, that could be exploited to cause a heap-based buffer overflow (CVE-2007-6335). Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files (CVE-2007-6336). An unspecified vulnerability related to the bzip2 decompression algorithm has also been discovered (CVE-2007-6337). Versions less than 0.91.2-r1 are affected.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-12-13 CVE Reserved
2007-12-29 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (17)

URL	Tag	Source
http://docs.info.apple.com/article.html?artnum=307562	X_refsource_confirm
http://osvdb.org/42293	Vdb Entry
http://secunia.com/advisories/28153	Third Party Advisory
http://secunia.com/advisories/28278	Third Party Advisory
http://secunia.com/advisories/28412	Third Party Advisory
http://secunia.com/advisories/28421	Third Party Advisory
http://secunia.com/advisories/28587	Third Party Advisory
http://secunia.com/advisories/29420	Third Party Advisory
http://securitytracker.com/id?1019149	Vdb Entry
http://www.vupen.com/english/advisories/2008/0924/references	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://www.securityfocus.com/bid/27063	2011-03-08

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	2011-03-08
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html	2011-03-08
http://security.gentoo.org/glsa/glsa-200712-20.xml	2011-03-08
http://www.mandriva.com/security/advisories?name=MDVSA-2008:003	2011-03-08
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html	2011-03-08
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html	2011-03-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Clam Anti-virus Search vendor "Clam Anti-virus"	Clamav Search vendor "Clam Anti-virus" for product "Clamav"	0.91.2 Search vendor "Clam Anti-virus" for product "Clamav" and version "0.91.2"	-	Affected	in	Gentoo Search vendor "Gentoo"	Linux Search vendor "Gentoo" for product "Linux"	*	-	Safe