CVE-2007-1745 - OpenCVE

The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Clam Anti-virus	Clamav
Ifenslave	Ifenslave

Configuration 1 [-]

OR	cpe:2.3:a:clam_anti-virus:clamav::::::::
	cpe:2.3:a:ifenslave:ifenslave:0.88:::::::*

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://osvdb.org/34913
http://secunia.com/advisories/24891	Vendor Advisory
http://secunia.com/advisories/24920
http://secunia.com/advisories/24946
http://secunia.com/advisories/24996
http://secunia.com/advisories/25022
http://secunia.com/advisories/25028
http://secunia.com/advisories/25189
http://secunia.com/advisories/29420
http://security.gentoo.org/glsa/glsa-200704-21.xml
http://sourceforge.net/project/shownotes.php?release_id=500765
http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html
http://www.debian.org/security/2007/dsa-1281
http://www.mandriva.com/security/advisories?name=MDKSA-2007:098
http://www.novell.com/linux/security/advisories/2007_26_clamav.html
http://www.securityfocus.com/bid/23473
http://www.trustix.org/errata/2007/0013/
http://www.vupen.com/english/advisories/2007/1378
http://www.vupen.com/english/advisories/2008/0924/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/33636

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-16T21:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-03-29T00:00:00

Link: CVE-2007-1745

JSON object: View

NVD Information

Status : Modified

Published: 2007-04-16T21:19:00.000

Modified: 2017-07-29T01:30:57.797

Link: CVE-2007-1745

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "25022", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25022"}, {"name": "34913", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34913"}, {"name": "2007-0013", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2007/0013/"}, {"name": "23473", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23473"}, {"name": "24996", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24996"}, {"name": "MDKSA-2007:098", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"}, {"name": "ADV-2008-0924", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "SUSE-SA:2007:026", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"}, {"name": "29420", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29420"}, {"name": "APPLE-SA-2008-03-18", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"name": "25189", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25189"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "clamav-chmdecompressstream-dos(33636)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33636"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=500765"}, {"name": "ADV-2007-1378", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1378"}, {"name": "25028", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25028"}, {"name": "GLSA-200704-21", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"}, {"name": "24946", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24946"}, {"name": "DSA-1281", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1281"}, {"name": "24920", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24920"}, {"name": "24891", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24891"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1745", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "25022", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25022"}, {"name": "34913", "refsource": "OSVDB", "url": "http://osvdb.org/34913"}, {"name": "2007-0013", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0013/"}, {"name": "23473", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23473"}, {"name": "24996", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24996"}, {"name": "MDKSA-2007:098", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"}, {"name": "ADV-2008-0924", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"name": "SUSE-SA:2007:026", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"}, {"name": "29420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29420"}, {"name": "APPLE-SA-2008-03-18", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"name": "25189", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25189"}, {"name": "http://docs.info.apple.com/article.html?artnum=307562", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"name": "clamav-chmdecompressstream-dos(33636)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33636"}, {"name": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html", "refsource": "CONFIRM", "url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=500765", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=500765"}, {"name": "ADV-2007-1378", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1378"}, {"name": "25028", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25028"}, {"name": "GLSA-200704-21", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"}, {"name": "24946", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24946"}, {"name": "DSA-1281", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1281"}, {"name": "24920", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24920"}, {"name": "24891", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24891"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1745", "datePublished": "2007-04-16T21:00:00", "dateReserved": "2007-03-29T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E081044-20D3-4960-8BAB-6F29092634AC", "versionEndIncluding": "0.90.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ifenslave:ifenslave:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "91523617-C25A-416A-89AD-C9358CDD68FA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "La funci\u00f3n chm_decompress_stream en libclamav/chmunpack.c de Clam AntiVirus (ClamAV) anterior a 0.90.2 filtra descriptores de fichero, lo cual tiene impacto y vectores de ataque desconocidos relacionados con un archivo CHM manipulado, una vulnerabilidad distinta de CVE-2007-0897. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."}], "id": "CVE-2007-1745", "lastModified": "2017-07-29T01:30:57.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-16T21:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://docs.info.apple.com/article.html?artnum=307562"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/34913"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24891"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24920"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24946"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24996"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25022"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25028"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25189"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29420"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=500765"}, {"source": "cve@mitre.org", "url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2007/dsa-1281"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23473"}, {"source": "cve@mitre.org", "url": "http://www.trustix.org/errata/2007/0013/"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1378"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0924/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33636"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}