Vulnerability Name: CVE-2007-2029 (CCN-34083)

Assigned: 2007-04-25
Published: 2007-04-25
Updated: 2017-07-29
Summary: File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.
CVSS v3 Severity: 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-399
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2007-2029

Source: OSVDB
Type: UNKNOWN
34916

Source: SECUNIA
Type: Patch, Vendor Advisory
25028

Source: SECUNIA
Type: Vendor Advisory
25189

Source: CCN
Type: SourceForge.net: Files
Clam AntiVirus - File Release Notes and Changelog - Release Name: 0.90.2

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-1281

Source: DEBIAN
Type: DSA-1281
clamav -- several vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:098

Source: CCN
Type: OSVDB ID: 34916
Clam AntiVirus PDF Handling File Descriptor Leak DoS

Source: BID
Type: Patch
23656

Source: CCN
Type: BID-23656
Clam AntiVirus ClamAV PDF Handling Remote Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
clamav-pdfhandler-dos(34083)

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:arm:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:mips:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:arm:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:mips:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*
  • AND
  • cpe:/a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:clamav:clamav:0.84:rc2:*:*:*:*:*:*
  • AND
  • cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.mitre.oval:def:20212 | P | DSA-1281-1 clamav - several vulnerabilities | 2014-06-23 |
| oval:org.debian:def:1281 | V | several vulnerabilities | 2007-04-25 |