ByteOS Network

Vulnerability Details :

CVE-2007-3123

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-07 Jun, 2007 | 21:00

Updated At-07 Aug, 2024 | 14:05

unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:07 Jun, 2007 | 21:00

Updated At:07 Aug, 2024 | 14:05

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://secunia.com/advisories/25796	third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/24289	vdb-entry x_refsource_BID
http://osvdb.org/35522	vdb-entry x_refsource_OSVDB
http://www.novell.com/linux/security/advisories/2007_33_clamav.html	vendor-advisory x_refsource_SUSE
http://secunia.com/advisories/25525	third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/25523	third-party-advisory x_refsource_SECUNIA
http://www.debian.org/security/2007/dsa-1320	vendor-advisory x_refsource_DEBIAN
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521	x_refsource_CONFIRM
http://kolab.org/security/kolab-vendor-notice-15.txt	x_refsource_CONFIRM
http://secunia.com/advisories/25688	third-party-advisory x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/34778	vdb-entry x_refsource_XF
http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html	mailing-list x_refsource_MLIST
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog	x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200706-05.xml	vendor-advisory x_refsource_GENTOO

Hyperlink: http://secunia.com/advisories/25796

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.securityfocus.com/bid/24289

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://osvdb.org/35522

Resource:

vdb-entry

x_refsource_OSVDB

Hyperlink: http://www.novell.com/linux/security/advisories/2007_33_clamav.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://secunia.com/advisories/25525

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://secunia.com/advisories/25523

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.debian.org/security/2007/dsa-1320

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521

Resource:

x_refsource_CONFIRM

Hyperlink: http://kolab.org/security/kolab-vendor-notice-15.txt

Resource:

x_refsource_CONFIRM

Hyperlink: http://secunia.com/advisories/25688

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/34778

Resource:

vdb-entry

x_refsource_XF

Hyperlink: http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

Resource:

x_refsource_CONFIRM

Hyperlink: http://security.gentoo.org/glsa/glsa-200706-05.xml

Resource:

vendor-advisory

x_refsource_GENTOO

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://secunia.com/advisories/25796	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.securityfocus.com/bid/24289	vdb-entry x_refsource_BID x_transferred
http://osvdb.org/35522	vdb-entry x_refsource_OSVDB x_transferred
http://www.novell.com/linux/security/advisories/2007_33_clamav.html	vendor-advisory x_refsource_SUSE x_transferred
http://secunia.com/advisories/25525	third-party-advisory x_refsource_SECUNIA x_transferred
http://secunia.com/advisories/25523	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.debian.org/security/2007/dsa-1320	vendor-advisory x_refsource_DEBIAN x_transferred
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521	x_refsource_CONFIRM x_transferred
http://kolab.org/security/kolab-vendor-notice-15.txt	x_refsource_CONFIRM x_transferred
http://secunia.com/advisories/25688	third-party-advisory x_refsource_SECUNIA x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/34778	vdb-entry x_refsource_XF x_transferred
http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html	mailing-list x_refsource_MLIST x_transferred
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog	x_refsource_CONFIRM x_transferred
http://security.gentoo.org/glsa/glsa-200706-05.xml	vendor-advisory x_refsource_GENTOO x_transferred

Hyperlink: http://secunia.com/advisories/25796

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.securityfocus.com/bid/24289

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://osvdb.org/35522

Resource:

vdb-entry

x_refsource_OSVDB

x_transferred

Hyperlink: http://www.novell.com/linux/security/advisories/2007_33_clamav.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: http://secunia.com/advisories/25525

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://secunia.com/advisories/25523

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.debian.org/security/2007/dsa-1320

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://kolab.org/security/kolab-vendor-notice-15.txt

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://secunia.com/advisories/25688

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/34778

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://security.gentoo.org/glsa/glsa-200706-05.xml

Resource:

vendor-advisory

x_refsource_GENTOO

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:07 Jun, 2007 | 21:30

Updated At:29 Jul, 2017 | 01:31

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://kolab.org/security/kolab-vendor-notice-15.txt	cve@mitre.org	N/A
http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html	cve@mitre.org	Patch
http://osvdb.org/35522	cve@mitre.org	N/A
http://secunia.com/advisories/25523	cve@mitre.org	N/A
http://secunia.com/advisories/25525	cve@mitre.org	N/A
http://secunia.com/advisories/25688	cve@mitre.org	N/A
http://secunia.com/advisories/25796	cve@mitre.org	N/A
http://security.gentoo.org/glsa/glsa-200706-05.xml	cve@mitre.org	N/A
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog	cve@mitre.org	N/A
http://www.debian.org/security/2007/dsa-1320	cve@mitre.org	N/A
http://www.novell.com/linux/security/advisories/2007_33_clamav.html	cve@mitre.org	N/A
http://www.securityfocus.com/bid/24289	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/34778	cve@mitre.org	N/A
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521	cve@mitre.org	Patch

Hyperlink: http://kolab.org/security/kolab-vendor-notice-15.txt

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html

Source: cve@mitre.org

Resource:

Patch

Hyperlink: http://osvdb.org/35522

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/25523

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/25525

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/25688

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/25796

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://security.gentoo.org/glsa/glsa-200706-05.xml

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.debian.org/security/2007/dsa-1320

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.novell.com/linux/security/advisories/2007_33_clamav.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/24289

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/34778

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521

Source: cve@mitre.org

Resource:

Patch

Similar CVEs

14Records found

CVE-2006-6481

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-3.76% / 87.57%

7 Day CHG~0.00%

Published-12 Dec, 2006 | 01:00

Updated-07 Aug, 2024 | 20:26

Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406.

Vendor-clam_anti-virus n/a

Product-clamav n/a

CVE-2006-5874

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-1.42% / 79.78%

7 Day CHG~0.00%

Published-10 Dec, 2006 | 02:00

Updated-07 Aug, 2024 | 20:04

Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference.

Vendor-clam_anti-virus n/a

Product-clamav n/a

CVE-2006-1630

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-16.99% / 94.71%

7 Day CHG~0.00%

Published-06 Apr, 2006 | 22:00

Updated-03 Apr, 2025 | 01:03

The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."

Vendor-clam_anti-virus n/a

Product-clamav n/a

CVE-2005-2919

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-2.91% / 85.82%

7 Day CHG~0.00%

Published-20 Sep, 2005 | 04:00

Updated-03 Apr, 2025 | 01:03

libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to cause a denial of service (infinite loop) via a crafted FSG packed executable.

Vendor-clam_anti-virus n/a

Product-clamav n/a

CVE-2005-1922

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-0.74% / 71.96%

7 Day CHG~0.00%

Published-30 Jun, 2005 | 04:00

Updated-03 Apr, 2025 | 01:03

The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function.

Vendor-clam_anti-virus n/a

Product-clamav n/a

CVE-2005-0133

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-1.31% / 78.94%

7 Day CHG~0.00%

Published-06 Feb, 2005 | 05:00

Updated-03 Apr, 2025 | 01:03

ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers.

Vendor-clam_anti-virus n/a

Product-clamav n/a

CVE-2006-5295

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-20.86% / 95.40%

7 Day CHG~0.00%

Published-16 Oct, 2006 | 23:00

Updated-07 Aug, 2024 | 19:48

Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."

Vendor-clam_anti-virus n/a

Product-clamav n/a

CVE-2008-1389

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-8.61% / 92.05%

7 Day CHG~0.00%

Published-04 Sep, 2008 | 16:00

Updated-07 Aug, 2024 | 08:17

libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."

Vendor-clam_anti-virus n/a

Product-clamav n/a

CWE ID-CWE-399

Not Available

CVE-2005-3500

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-5.93% / 90.28%

7 Day CHG~0.00%

Published-05 Nov, 2005 | 11:00

Updated-03 Apr, 2025 | 01:03

The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block.

Vendor-clam_anti-virus n/a

Product-clamav n/a

CVE-2008-3215

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-3.64% / 87.37%

7 Day CHG~0.00%

Published-18 Jul, 2008 | 16:00

Updated-07 Aug, 2024 | 09:28

libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713.

Vendor-clam_anti-virus n/a

Product-clamav n/a

CWE ID-CWE-399

Not Available

CVE-2008-2713

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-3.21% / 86.52%

7 Day CHG~0.00%

Published-16 Jun, 2008 | 21:00

Updated-07 Aug, 2024 | 09:14

libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.

Vendor-clam_anti-virus n/a

Product-clamav n/a

CWE ID-CWE-399

Not Available

CVE-2008-1837

Matching Score-8

Assigner-Red Hat, Inc.

View Details

Matching Score-8

Assigner-Red Hat, Inc.

CVSS Score-5||MEDIUM

EPSS-9.30% / 92.43%

7 Day CHG~0.00%

Published-16 Apr, 2008 | 16:00

Updated-07 Aug, 2024 | 08:40

libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.

Vendor-clam_anti-virus n/a

Product-clamav n/a

CWE ID-CWE-399

Not Available

CVE-2007-3025

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-0.58% / 68.03%

7 Day CHG~0.00%

Published-07 Jun, 2007 | 22:00

Updated-17 Sep, 2024 | 03:08

Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions.

Vendor-clam_anti-virus n/a Sun Microsystems (Oracle Corporation)

Product-solaris clamav n/a

CVE-2004-0270

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-11.11% / 93.18%

7 Day CHG~0.00%

Published-01 Sep, 2004 | 04:00

Updated-03 Apr, 2025 | 01:03

libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program.

Vendor-clam_anti-virus n/a

Product-clamav n/a

CVE-2007-3123

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs