Vulnerability Details CVE-2007-0897
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.051
EPSS Ranking 89.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 4.3
References
- http://docs.info.apple.com/article.html?artnum=307562
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=475
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://lists.suse.com/archive/suse-security-announce/2007-Feb/0004.html
- http://osvdb.org/32283
- http://secunia.com/advisories/24183
- http://secunia.com/advisories/24187
- http://secunia.com/advisories/24192
- http://secunia.com/advisories/24319
- http://secunia.com/advisories/24332
- http://secunia.com/advisories/24425
- http://secunia.com/advisories/29420
- http://security.gentoo.org/glsa/glsa-200703-03.xml
- http://www.debian.org/security/2007/dsa-1263
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:043
- http://www.securityfocus.com/bid/22580
- http://www.securitytracker.com/id?1017659
- http://www.vupen.com/english/advisories/2007/0623
- http://www.vupen.com/english/advisories/2008/0924/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32531
- http://docs.info.apple.com/article.html?artnum=307562
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=475
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://lists.suse.com/archive/suse-security-announce/2007-Feb/0004.html
- http://osvdb.org/32283
- http://secunia.com/advisories/24183
- http://secunia.com/advisories/24187
- http://secunia.com/advisories/24192
- http://secunia.com/advisories/24319
- http://secunia.com/advisories/24332
- http://secunia.com/advisories/24425
- http://secunia.com/advisories/29420
- http://security.gentoo.org/glsa/glsa-200703-03.xml
- http://www.debian.org/security/2007/dsa-1263
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:043
- http://www.securityfocus.com/bid/22580
- http://www.securitytracker.com/id?1017659
- http://www.vupen.com/english/advisories/2007/0623
- http://www.vupen.com/english/advisories/2008/0924/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32531
Products affected by CVE-2007-0897
-
cpe:2.3:a:clamav:clamav:-
-
cpe:2.3:a:clamav:clamav:0.01
-
cpe:2.3:a:clamav:clamav:0.02
-
cpe:2.3:a:clamav:clamav:0.03
-
cpe:2.3:a:clamav:clamav:0.05
-
cpe:2.3:a:clamav:clamav:0.10
-
cpe:2.3:a:clamav:clamav:0.12
-
cpe:2.3:a:clamav:clamav:0.13
-
cpe:2.3:a:clamav:clamav:0.14
-
cpe:2.3:a:clamav:clamav:0.15
-
cpe:2.3:a:clamav:clamav:0.20
-
cpe:2.3:a:clamav:clamav:0.21
-
cpe:2.3:a:clamav:clamav:0.22
-
cpe:2.3:a:clamav:clamav:0.23
-
cpe:2.3:a:clamav:clamav:0.24
-
cpe:2.3:a:clamav:clamav:0.3
-
cpe:2.3:a:clamav:clamav:0.51
-
cpe:2.3:a:clamav:clamav:0.52
-
cpe:2.3:a:clamav:clamav:0.53
-
cpe:2.3:a:clamav:clamav:0.54
-
cpe:2.3:a:clamav:clamav:0.60
-
cpe:2.3:a:clamav:clamav:0.60p
-
cpe:2.3:a:clamav:clamav:0.65
-
cpe:2.3:a:clamav:clamav:0.66
-
cpe:2.3:a:clamav:clamav:0.67
-
cpe:2.3:a:clamav:clamav:0.67-1
-
cpe:2.3:a:clamav:clamav:0.68
-
cpe:2.3:a:clamav:clamav:0.68.1
-
cpe:2.3:a:clamav:clamav:0.70
-
cpe:2.3:a:clamav:clamav:0.70.0
-
cpe:2.3:a:clamav:clamav:0.71
-
cpe:2.3:a:clamav:clamav:0.71.0
-
cpe:2.3:a:clamav:clamav:0.72
-
cpe:2.3:a:clamav:clamav:0.72.0
-
cpe:2.3:a:clamav:clamav:0.73
-
cpe:2.3:a:clamav:clamav:0.73.0
-
cpe:2.3:a:clamav:clamav:0.74
-
cpe:2.3:a:clamav:clamav:0.74.0
-
cpe:2.3:a:clamav:clamav:0.75
-
cpe:2.3:a:clamav:clamav:0.75.0
-
cpe:2.3:a:clamav:clamav:0.75.1
-
cpe:2.3:a:clamav:clamav:0.8
-
cpe:2.3:a:clamav:clamav:0.80
-
cpe:2.3:a:clamav:clamav:0.80.0
-
cpe:2.3:a:clamav:clamav:0.80_rc
-
cpe:2.3:a:clamav:clamav:0.81
-
cpe:2.3:a:clamav:clamav:0.81.0
-
cpe:2.3:a:clamav:clamav:0.82
-
cpe:2.3:a:clamav:clamav:0.82.0
-
cpe:2.3:a:clamav:clamav:0.83
-
cpe:2.3:a:clamav:clamav:0.83.0
-
cpe:2.3:a:clamav:clamav:0.84
-
cpe:2.3:a:clamav:clamav:0.84.0
-
cpe:2.3:a:clamav:clamav:0.85
-
cpe:2.3:a:clamav:clamav:0.85.0
-
cpe:2.3:a:clamav:clamav:0.85.1
-
cpe:2.3:a:clamav:clamav:0.86
-
cpe:2.3:a:clamav:clamav:0.86.0
-
cpe:2.3:a:clamav:clamav:0.86.1
-
cpe:2.3:a:clamav:clamav:0.86.2
-
cpe:2.3:a:clamav:clamav:0.87
-
cpe:2.3:a:clamav:clamav:0.87.0
-
cpe:2.3:a:clamav:clamav:0.87.1
-
cpe:2.3:a:clamav:clamav:0.88
-
cpe:2.3:a:clamav:clamav:0.88.0
-
cpe:2.3:a:clamav:clamav:0.88.1
-
cpe:2.3:a:clamav:clamav:0.88.2
-
cpe:2.3:a:clamav:clamav:0.88.3
-
cpe:2.3:a:clamav:clamav:0.88.4
-
cpe:2.3:a:clamav:clamav:0.88.5
-
cpe:2.3:a:clamav:clamav:0.88.6
-
cpe:2.3:a:clamav:clamav:0.88.7
-
cpe:2.3:a:clamav:clamav:0.88.7_p0
-
cpe:2.3:a:clamav:clamav:0.88.7_p1
-
cpe:2.3:a:clamav:clamav:0.9
-
cpe:2.3:o:apple:mac_os_x_server:-
-
cpe:2.3:o:apple:mac_os_x_server:10.0
-
cpe:2.3:o:apple:mac_os_x_server:10.0.0
-
cpe:2.3:o:apple:mac_os_x_server:10.0.1
-
cpe:2.3:o:apple:mac_os_x_server:10.0.2
-
cpe:2.3:o:apple:mac_os_x_server:10.0.3
-
cpe:2.3:o:apple:mac_os_x_server:10.0.4
-
cpe:2.3:o:apple:mac_os_x_server:10.1
-
cpe:2.3:o:apple:mac_os_x_server:10.1.0
-
cpe:2.3:o:apple:mac_os_x_server:10.1.1
-
cpe:2.3:o:apple:mac_os_x_server:10.1.2
-
cpe:2.3:o:apple:mac_os_x_server:10.1.3
-
cpe:2.3:o:apple:mac_os_x_server:10.1.4
-
cpe:2.3:o:apple:mac_os_x_server:10.1.5
-
cpe:2.3:o:apple:mac_os_x_server:10.2
-
cpe:2.3:o:apple:mac_os_x_server:10.2.0
-
cpe:2.3:o:apple:mac_os_x_server:10.2.1
-
cpe:2.3:o:apple:mac_os_x_server:10.2.2
-
cpe:2.3:o:apple:mac_os_x_server:10.2.3
-
cpe:2.3:o:apple:mac_os_x_server:10.2.4
-
cpe:2.3:o:apple:mac_os_x_server:10.2.5
-
cpe:2.3:o:apple:mac_os_x_server:10.2.6
-
cpe:2.3:o:apple:mac_os_x_server:10.2.7
-
cpe:2.3:o:apple:mac_os_x_server:10.2.8
-
cpe:2.3:o:apple:mac_os_x_server:10.3
-
cpe:2.3:o:apple:mac_os_x_server:10.3.0
-
cpe:2.3:o:apple:mac_os_x_server:10.3.1
-
cpe:2.3:o:apple:mac_os_x_server:10.3.2
-
cpe:2.3:o:apple:mac_os_x_server:10.3.3
-
cpe:2.3:o:apple:mac_os_x_server:10.3.4
-
cpe:2.3:o:apple:mac_os_x_server:10.3.5
-
cpe:2.3:o:apple:mac_os_x_server:10.3.6
-
cpe:2.3:o:apple:mac_os_x_server:10.3.7
-
cpe:2.3:o:apple:mac_os_x_server:10.3.8
-
cpe:2.3:o:apple:mac_os_x_server:10.3.9
-
cpe:2.3:o:apple:mac_os_x_server:10.4
-
cpe:2.3:o:apple:mac_os_x_server:10.4.0
-
cpe:2.3:o:apple:mac_os_x_server:10.4.1
-
cpe:2.3:o:apple:mac_os_x_server:10.4.10
-
cpe:2.3:o:apple:mac_os_x_server:10.4.2
-
cpe:2.3:o:apple:mac_os_x_server:10.4.3
-
cpe:2.3:o:apple:mac_os_x_server:10.4.4
-
cpe:2.3:o:apple:mac_os_x_server:10.4.5
-
cpe:2.3:o:apple:mac_os_x_server:10.4.6
-
cpe:2.3:o:apple:mac_os_x_server:10.4.7
-
cpe:2.3:o:apple:mac_os_x_server:10.4.8
-
cpe:2.3:o:apple:mac_os_x_server:10.4.9
-
cpe:2.3:o:apple:mac_os_x_server:5.0.14
-
cpe:2.3:o:apple:mac_os_x_server:5.0.15
-
cpe:2.3:o:apple:mac_os_x_server:5.0.2
-
cpe:2.3:o:apple:mac_os_x_server:5.0.3
-
cpe:2.3:o:debian:debian_linux:3.1