Vulnerability Name:

CVE-2007-1745 (CCN-33636)

Assigned:2007-04-12
Published:2007-04-12
Updated:2017-07-29
Summary:The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897.
Note: some of these details are obtained from third party information.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2007-1745

Source: CCN
Type: Apple Web site
About Security Update 2008-002

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=307562

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-03-18

Source: OSVDB
Type: UNKNOWN
34913

Source: CCN
Type: SA24891
Clam AntiVirus Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
24891

Source: SECUNIA
Type: UNKNOWN
24920

Source: SECUNIA
Type: UNKNOWN
24946

Source: SECUNIA
Type: UNKNOWN
24996

Source: SECUNIA
Type: UNKNOWN
25022

Source: SECUNIA
Type: UNKNOWN
25028

Source: SECUNIA
Type: UNKNOWN
25189

Source: CCN
Type: SA29420
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
29420

Source: GENTOO
Type: UNKNOWN
GLSA-200704-21

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/project/shownotes.php?release_id=500765

Source: CCN
Type: SourceForge.net: Files
Clam AntiVirus - File Release Notes and Changelog - Release Name: 0.90.2

Source: CONFIRM
Type: UNKNOWN
http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html

Source: DEBIAN
Type: UNKNOWN
DSA-1281

Source: DEBIAN
Type: DSA-1281
clamav -- several vulnerabilities

Source: CCN
Type: GLSA-200704-21
ClamAV: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:098

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:026

Source: CCN
Type: OSVDB ID: 34913
Clam AntiVirus libclamav/chmunpack.c chm_decompress_stream Function File Descriptor Leak

Source: BID
Type: UNKNOWN
23473

Source: CCN
Type: BID-23473
ClamAV Multiple Remote Vulnerabilities

Source: TRUSTIX
Type: UNKNOWN
2007-0013

Source: VUPEN
Type: UNKNOWN
ADV-2007-1378

Source: VUPEN
Type: UNKNOWN
ADV-2008-0924

Source: XF
Type: UNKNOWN
clamav-chmdecompressstream-dos(33636)

Source: XF
Type: UNKNOWN
clamav-chmdecompressstream-dos(33636)

Source: SUSE
Type: SUSE-SA:2007:026
clamav 0.90.2 security update

Vulnerable Configuration:Configuration 1:
  • cpe:/a:clam_anti-virus:clamav:*:*:*:*:*:*:*:* (Version <= 0.90.1)
  • OR cpe:/a:ifenslave:ifenslave:0.88:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20071745
    V
    		CVE-2007-1745
    2022-06-30
    oval:org.opensuse.security:def:42281
    P
    		Security update for curl (Moderate)
    2022-05-13
    oval:org.opensuse.security:def:112078
    P
    		clamav-0.103.3-1.4 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:31752
    P
    		Security update for MozillaFirefox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:31755
    P
    		Security update for libvirt (Important)
    2022-01-10
    oval:org.opensuse.security:def:26224
    P
    		Security update for libvirt (Important)
    2022-01-05
    oval:org.opensuse.security:def:33061
    P
    		Security update for glib-networking (Important)
    2021-12-13
    oval:org.opensuse.security:def:32230
    P
    		Security update for xen (Moderate)
    2021-12-01
    oval:org.opensuse.security:def:31713
    P
    		Security update for clamav (Moderate)
    2021-12-01
    oval:org.opensuse.security:def:31708
    P
    		Security update for webkit2gtk3 (Important)
    2021-11-23
    oval:org.opensuse.security:def:31308
    P
    		Security update for postgresql96 (Important)
    2021-11-22
    oval:org.opensuse.security:def:26156
    P
    		Security update for open-lldp (Moderate)
    2021-10-26
    oval:org.opensuse.security:def:26142
    P
    		Security update for apache2 (Important)
    2021-10-06
    oval:org.opensuse.security:def:105621
    P
    		clamav-0.103.3-1.4 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:32174
    P
    		Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)
    2021-08-25
    oval:org.opensuse.security:def:31664
    P
    		Security update for cpio (Important)
    2021-08-14
    oval:org.opensuse.security:def:32161
    P
    		Security update for cpio (Important)
    2021-08-14
    oval:org.opensuse.security:def:26103
    P
    		Security update for the Linux Kernel (Important)
    2021-08-10
    oval:org.opensuse.security:def:31231
    P
    		Security update for the Linux Kernel (Important)
    2021-07-22
    oval:org.opensuse.security:def:31650
    P
    		Security update for arpwatch (Important)
    2021-06-28
    oval:org.opensuse.security:def:31651
    P
    		Security update for libsolv (Important)
    2021-06-28
    oval:org.opensuse.security:def:26073
    P
    		Security update for libjpeg-turbo (Moderate)
    2021-06-11
    oval:org.opensuse.security:def:32117
    P
    		Security update for caribou (Important)
    2021-06-10
    oval:org.opensuse.security:def:36098
    P
    		clamav-0.98.7-0.3.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42505
    P
    		clamav-0.98.7-0.3.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42084
    P
    		Security update for qemu (Important)
    2021-06-08
    oval:org.opensuse.security:def:32095
    P
    		Security update for libxml2 (Important)
    2021-05-19
    oval:org.opensuse.security:def:31157
    P
    		Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)
    2021-04-28
    oval:org.opensuse.security:def:31608
    P
    		Security update for xen (Important)
    2021-04-19
    oval:org.opensuse.security:def:31145
    P
    		Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)
    2021-04-07
    oval:org.opensuse.security:def:31146
    P
    		Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)
    2021-04-07
    oval:org.opensuse.security:def:31363
    P
    		Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)
    2021-03-17
    oval:org.opensuse.security:def:32279
    P
    		Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)
    2021-03-17
    oval:org.opensuse.security:def:31365
    P
    		Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)
    2021-03-17
    oval:org.opensuse.security:def:31353
    P
    		Security update for the Linux Kernel (Important)
    2021-03-09
    oval:org.opensuse.security:def:26200
    P
    		Security update for glibc (Moderate)
    2021-02-25
    oval:org.opensuse.security:def:31342
    P
    		Security update for screen (Important)
    2021-02-17
    oval:org.opensuse.security:def:31341
    P
    		Security update for jasper (Important)
    2021-02-16
    oval:org.opensuse.security:def:33022
    P
    		Security update for python3 (Important)
    2021-02-08
    oval:org.opensuse.security:def:31216
    P
    		Security update for postgresql, postgresql12, postgresql13 (Important)
    2021-01-26
    oval:org.opensuse.security:def:26054
    P
    		Security update for flac (Moderate)
    2021-01-04
    oval:org.opensuse.security:def:32838
    P
    		Security update for openexr (Moderate)
    2020-12-23
    oval:org.opensuse.security:def:32018
    P
    		Security update for MozillaFirefox (Critical)
    2020-12-21
    oval:org.opensuse.security:def:31565
    P
    		Security update for openssl (Important)
    2020-12-11
    oval:org.opensuse.security:def:32007
    P
    		Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP3) (Important)
    2020-12-07
    oval:org.opensuse.security:def:31084
    P
    		Security update for postgresql12 (Important)
    2020-12-04
    oval:org.opensuse.security:def:35874
    P
    		clamav-0.97.7-0.3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35530
    P
    		clamav-0.96-0.12.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:31559
    P
    		Security update for gdm (Important)
    2020-12-03
    oval:org.opensuse.security:def:41937
    P
    		clamav-0.96-0.12.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35677
    P
    		clamav-0.97.3-0.2.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:25436
    P
    		Security update for libgcrypt (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25766
    P
    		Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:26838
    P
    		w3m on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25648
    P
    		Security update for python36 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25932
    P
    		Security update for gstreamer-plugins-base (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26277
    P
    		Security update for libreoffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26423
    P
    		Security update for opencv (Important)
    2020-12-01
    oval:org.opensuse.security:def:30998
    P
    		Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:31774
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:31599
    P
    		Security update for tiff (Low)
    2020-12-01
    oval:org.opensuse.security:def:31899
    P
    		Security update for MozillaFirefox, firefox-glib2, firefox-gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:32642
    P
    		clamav on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32056
    P
    		Security update for kvm (Important)
    2020-12-01
    oval:org.opensuse.security:def:32799
    P
    		tomcat6 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31874
    P
    		Security update for cyrus-imapd (Important)
    2020-12-01
    oval:org.opensuse.security:def:32384
    P
    		Security update for tiff (Low)
    2020-12-01
    oval:org.opensuse.security:def:25082
    P
    		Security update for ncurses (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25366
    P
    		Security update for ghostscript (Important)
    2020-12-01
    oval:org.opensuse.security:def:25711
    P
    		Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25857
    P
    		Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25228
    P
    		Security update for LibreOffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25432
    P
    		Security update for ibus (Important)
    2020-12-01
    oval:org.opensuse.security:def:25805
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:25960
    P
    		Security update for gimp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25500
    P
    		Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25850
    P
    		Security update for libreoffice (Low)
    2020-12-01
    oval:org.opensuse.security:def:26873
    P
    		clamav on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25659
    P
    		Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25989
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26326
    P
    		Security update for MozillaThunderbird (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27061
    P
    		xorg-x11-libxcb-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30999
    P
    		Security update for IBM Java
    2020-12-01
    oval:org.opensuse.security:def:31818
    P
    		Security update for audiofile (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31921
    P
    		Security update for ghostscript-library (Important)
    2020-12-01
    oval:org.opensuse.security:def:31427
    P
    		Security update for php53 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31795
    P
    		Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)
    2020-12-01
    oval:org.opensuse.security:def:31576
    P
    		Security update for sudo (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31931
    P
    		Security update for glibc (Important)
    2020-12-01
    oval:org.opensuse.security:def:25093
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:25423
    P
    		Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25760
    P
    		Security update for flash-player (Critical)
    2020-12-01
    oval:org.opensuse.security:def:26495
    P
    		Security update for phpMyAdmin (Important)
    2020-12-01
    oval:org.opensuse.security:def:25229
    P
    		Security update for dbus-1 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25513
    P
    		Security update for java-11-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:25858
    P
    		Security update for util-linux (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26004
    P
    		Security update for shotwell (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25424
    P
    		Security update for ucode-intel (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25628
    P
    		Security update for dpdk (Critical)
    2020-12-01
    oval:org.opensuse.security:def:26001
    P
    		Security update for openexr (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25723
    P
    		Security update for apache2-mod_auth_openidc (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26365
    P
    		Security update of chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:27096
    P
    		clamav on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31010
    P
    		Security update for IBM Java
    2020-12-01
    oval:org.opensuse.security:def:32456
    P
    		Security update for xorg-x11-libX11 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31455
    P
    		Security update for postgresql10 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31811
    P
    		Security update for apache2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31965
    P
    		Security update for icu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31951
    P
    		Security update for grub2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:32318
    P
    		Security update for rsync (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25157
    P
    		Security update for shibboleth-sp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25507
    P
    		Security update for git (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25799
    P
    		Security update for gcc48 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26530
    P
    		clamav on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25240
    P
    		Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25570
    P
    		Security update for mailman (Important)
    2020-12-01
    oval:org.opensuse.security:def:25907
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:26642
    P
    		sysstat on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25425
    P
    		Security update for bluez (Important)
    2020-12-01
    oval:org.opensuse.security:def:25709
    P
    		Security update for java-1_8_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:25647
    P
    		Security update for freetype2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25851
    P
    		Security update for freerdp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26379
    P
    		Security update for irssi (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31452
    P
    		Security update for postgresql10 (Important)
    2020-12-01
    oval:org.opensuse.security:def:32495
    P
    		clamav on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31512
    P
    		Recommended update for python 2.7 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31860
    P
    		Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32603
    P
    		squid on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31564
    P
    		Security update for squid3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31782
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:32340
    P
    		Security update for socat (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25081
    P
    		Security update for libarchive (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25285
    P
    		Security update for tomcat (Important)
    2020-12-01
    oval:org.opensuse.security:def:25658
    P
    		Security update for liblouis (Low)
    2020-12-01
    oval:org.opensuse.security:def:25813
    P
    		Security update for libssh (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25304
    P
    		Security update for apache2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25654
    P
    		Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:25946
    P
    		Security update for gnome-shell (Low)
    2020-12-01
    oval:org.opensuse.security:def:26677
    P
    		clamav on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:20212
    P
    		DSA-1281-1 clamav - several vulnerabilities
    2014-06-23
    oval:org.debian:def:1281
    V
    		several vulnerabilities
    2007-04-25
    BACK
    clam_anti-virus clamav *
    ifenslave ifenslave 0.88