Vulnerability-Lookup

CVE-2007-3725 (GCVE-0-2007-3725)

Vulnerability from cvelistv5 – Published: 2007-07-12 20:00 – Updated: 2024-08-07 14:28

Summary

The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/26231	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://kolab.org/security/kolab-vendor-notice-16.txt	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2007/2509	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/26164	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2007/dsa-1340	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/26226	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/26038	third-party-advisoryx_refsource_SECUNIA
	http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
	http://www.vupen.com/english/advisories/2008/0924…	vdb-entryx_refsource_VUPEN
	http://security.gentoo.org/glsa/glsa-200708-04.xml	vendor-advisoryx_refsource_GENTOO
	http://osvdb.org/36907	vdb-entryx_refsource_OSVDB
	https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/29420	third-party-advisoryx_refsource_SECUNIA
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.trustix.org/errata/2007/0023/	vendor-advisoryx_refsource_TRUSTIX
	http://www.metaeye.org/advisories/54	x_refsource_MISC
	http://secunia.com/advisories/26209	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/473371/100…	mailing-listx_refsource_BUGTRAQ
	http://docs.info.apple.com/article.html?artnum=307562	x_refsource_CONFIRM
	http://secunia.com/advisories/26377	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/2643	vdb-entryx_refsource_VUPEN
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:28:51.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26231",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26231"
          },
          {
            "name": "clamav-rarvm-dos(35367)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35367"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kolab.org/security/kolab-vendor-notice-16.txt"
          },
          {
            "name": "ADV-2007-2509",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2509"
          },
          {
            "name": "26164",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26164"
          },
          {
            "name": "DSA-1340",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1340"
          },
          {
            "name": "26226",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26226"
          },
          {
            "name": "26038",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26038"
          },
          {
            "name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html"
          },
          {
            "name": "ADV-2008-0924",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0924/references"
          },
          {
            "name": "GLSA-200708-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200708-04.xml"
          },
          {
            "name": "36907",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36907"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555"
          },
          {
            "name": "MDKSA-2007:150",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:150"
          },
          {
            "name": "29420",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29420"
          },
          {
            "name": "APPLE-SA-2008-03-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
          },
          {
            "name": "2007-0023",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2007/0023/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.metaeye.org/advisories/54"
          },
          {
            "name": "26209",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26209"
          },
          {
            "name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/473371/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307562"
          },
          {
            "name": "26377",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26377"
          },
          {
            "name": "ADV-2007-2643",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2643"
          },
          {
            "name": "SUSE-SR:2007:015",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-11T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T00:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26231",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26231"
        },
        {
          "name": "clamav-rarvm-dos(35367)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35367"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kolab.org/security/kolab-vendor-notice-16.txt"
        },
        {
          "name": "ADV-2007-2509",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2509"
        },
        {
          "name": "26164",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26164"
        },
        {
          "name": "DSA-1340",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1340"
        },
        {
          "name": "26226",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26226"
        },
        {
          "name": "26038",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26038"
        },
        {
          "name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html"
        },
        {
          "name": "ADV-2008-0924",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0924/references"
        },
        {
          "name": "GLSA-200708-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200708-04.xml"
        },
        {
          "name": "36907",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36907"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555"
        },
        {
          "name": "MDKSA-2007:150",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:150"
        },
        {
          "name": "29420",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29420"
        },
        {
          "name": "APPLE-SA-2008-03-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
        },
        {
          "name": "2007-0023",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2007/0023/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.metaeye.org/advisories/54"
        },
        {
          "name": "26209",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26209"
        },
        {
          "name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/473371/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307562"
        },
        {
          "name": "26377",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26377"
        },
        {
          "name": "ADV-2007-2643",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2643"
        },
        {
          "name": "SUSE-SR:2007:015",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3725",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26231",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26231"
            },
            {
              "name": "clamav-rarvm-dos(35367)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35367"
            },
            {
              "name": "http://kolab.org/security/kolab-vendor-notice-16.txt",
              "refsource": "CONFIRM",
              "url": "http://kolab.org/security/kolab-vendor-notice-16.txt"
            },
            {
              "name": "ADV-2007-2509",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2509"
            },
            {
              "name": "26164",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26164"
            },
            {
              "name": "DSA-1340",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1340"
            },
            {
              "name": "26226",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26226"
            },
            {
              "name": "26038",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26038"
            },
            {
              "name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html"
            },
            {
              "name": "ADV-2008-0924",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0924/references"
            },
            {
              "name": "GLSA-200708-04",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200708-04.xml"
            },
            {
              "name": "36907",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36907"
            },
            {
              "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555",
              "refsource": "CONFIRM",
              "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555"
            },
            {
              "name": "MDKSA-2007:150",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:150"
            },
            {
              "name": "29420",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29420"
            },
            {
              "name": "APPLE-SA-2008-03-18",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
            },
            {
              "name": "2007-0023",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2007/0023/"
            },
            {
              "name": "http://www.metaeye.org/advisories/54",
              "refsource": "MISC",
              "url": "http://www.metaeye.org/advisories/54"
            },
            {
              "name": "26209",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26209"
            },
            {
              "name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/473371/100/0/threaded"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307562",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=307562"
            },
            {
              "name": "26377",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26377"
            },
            {
              "name": "ADV-2007-2643",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2643"
            },
            {
              "name": "SUSE-SR:2007:015",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-3725",
    "datePublished": "2007-07-12T20:00:00.000Z",
    "dateReserved": "2007-07-11T04:00:00.000Z",
    "dateUpdated": "2024-08-07T14:28:51.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-148

Vulnerability from certfr_avis - Published: 2008-03-19 - Updated: 2008-03-19

None

Description

De multiples vulnérabilités ont été découvertes dans le système d'exploitation Apple Mac OS X. L'exploitation de ces vulnérabilités permet à un individu malveillant diverses actions dont exécuter du code arbitaire à distance, effectuer un déni de service, contourner la politique de sécurité, élever ses privilèges et effectuer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité Apple 307562 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple Mac Os X version 10.4.11 et antérieures ;
	Apple	N/A	Apple Mac Os X version 10.5.2 et antérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 307562 du 18 mars 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac Os X version 10.4.11 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac Os X version 10.5.2 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s\npermet \u00e0 un individu malveillant diverses actions dont ex\u00e9cuter du code\narbitaire \u00e0 distance, effectuer un d\u00e9ni de service, contourner la\npolitique de s\u00e9curit\u00e9, \u00e9lever ses privil\u00e8ges et effectuer une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Apple 307562 pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0063"
    },
    {
      "name": "CVE-2008-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0060"
    },
    {
      "name": "CVE-2007-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
    },
    {
      "name": "CVE-2007-6109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6109"
    },
    {
      "name": "CVE-2007-1661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1661"
    },
    {
      "name": "CVE-2008-0882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0882"
    },
    {
      "name": "CVE-2007-6336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6336"
    },
    {
      "name": "CVE-2007-2799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2799"
    },
    {
      "name": "CVE-2006-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3747"
    },
    {
      "name": "CVE-2007-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
    },
    {
      "name": "CVE-2008-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1089"
    },
    {
      "name": "CVE-2008-0005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
    },
    {
      "name": "CVE-2007-4768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4768"
    },
    {
      "name": "CVE-2008-0059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0059"
    },
    {
      "name": "CVE-2008-1000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1000"
    },
    {
      "name": "CVE-2007-1660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1660"
    },
    {
      "name": "CVE-2007-4568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4568"
    },
    {
      "name": "CVE-2007-3378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3378"
    },
    {
      "name": "CVE-2008-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0052"
    },
    {
      "name": "CVE-2008-0990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0990"
    },
    {
      "name": "CVE-2008-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0995"
    },
    {
      "name": "CVE-2007-0898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0898"
    },
    {
      "name": "CVE-2007-5266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5266"
    },
    {
      "name": "CVE-2008-0055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0055"
    },
    {
      "name": "CVE-2007-1997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1997"
    },
    {
      "name": "CVE-2007-1659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1659"
    },
    {
      "name": "CVE-2007-6337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6337"
    },
    {
      "name": "CVE-2008-0044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0044"
    },
    {
      "name": "CVE-2008-0045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0045"
    },
    {
      "name": "CVE-2007-5971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5971"
    },
    {
      "name": "CVE-2008-0046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0046"
    },
    {
      "name": "CVE-2008-0047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0047"
    },
    {
      "name": "CVE-2007-6335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6335"
    },
    {
      "name": "CVE-2007-5267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5267"
    },
    {
      "name": "CVE-2007-3725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3725"
    },
    {
      "name": "CVE-2008-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0054"
    },
    {
      "name": "CVE-2008-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0996"
    },
    {
      "name": "CVE-2007-5268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5268"
    },
    {
      "name": "CVE-2007-6203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6203"
    },
    {
      "name": "CVE-2008-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0051"
    },
    {
      "name": "CVE-2007-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3799"
    },
    {
      "name": "CVE-2008-0048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0048"
    },
    {
      "name": "CVE-2007-1662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1662"
    },
    {
      "name": "CVE-2006-3334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3334"
    },
    {
      "name": "CVE-2008-0998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0998"
    },
    {
      "name": "CVE-2007-0897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0897"
    },
    {
      "name": "CVE-2008-0318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0318"
    },
    {
      "name": "CVE-2007-6429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6429"
    },
    {
      "name": "CVE-2007-4510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4510"
    },
    {
      "name": "CVE-2007-5269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5269"
    },
    {
      "name": "CVE-2007-5795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5795"
    },
    {
      "name": "CVE-2008-0006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0006"
    },
    {
      "name": "CVE-2008-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0062"
    },
    {
      "name": "CVE-2008-0728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0728"
    },
    {
      "name": "CVE-2007-2445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2445"
    },
    {
      "name": "CVE-2008-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0049"
    },
    {
      "name": "CVE-2007-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1745"
    },
    {
      "name": "CVE-2007-6427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6427"
    },
    {
      "name": "CVE-2008-0987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0987"
    },
    {
      "name": "CVE-2008-0993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0993"
    },
    {
      "name": "CVE-2008-0988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0988"
    },
    {
      "name": "CVE-2008-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0056"
    },
    {
      "name": "CVE-2008-0992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0992"
    },
    {
      "name": "CVE-2006-5793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5793"
    },
    {
      "name": "CVE-2007-6428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6428"
    },
    {
      "name": "CVE-2008-0989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0989"
    },
    {
      "name": "CVE-2005-3352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3352"
    },
    {
      "name": "CVE-2008-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0053"
    },
    {
      "name": "CVE-2007-4767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4767"
    },
    {
      "name": "CVE-2008-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0050"
    },
    {
      "name": "CVE-2007-5958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5958"
    },
    {
      "name": "CVE-2006-6481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6481"
    },
    {
      "name": "CVE-2008-0994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0994"
    },
    {
      "name": "CVE-2007-6421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6421"
    },
    {
      "name": "CVE-2008-0058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0058"
    },
    {
      "name": "CVE-2007-4752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4752"
    },
    {
      "name": "CVE-2008-0999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0999"
    },
    {
      "name": "CVE-2007-4560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4560"
    },
    {
      "name": "CVE-2007-4990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4990"
    },
    {
      "name": "CVE-2007-4766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4766"
    },
    {
      "name": "CVE-2007-6388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
    },
    {
      "name": "CVE-2008-0596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0596"
    },
    {
      "name": "CVE-2007-4887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4887"
    }
  ],
  "initial_release_date": "2008-03-19T00:00:00",
  "last_revision_date": "2008-03-19T00:00:00",
  "links": [],
  "reference": "CERTA-2008-AVI-148",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-03-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307562 du 18 mars 2008",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    }
  ]
}

CERTA-2007-AVI-306

Vulnerability from certfr_avis - Published: 2007-07-12 - Updated: 2007-07-27

Une vulnérabilité dans ClamAV permet à un utilisateur distant de provoquer un déni de service de l'application vulnérable.

Description

Une erreur de type pointeur nul dans le composant de ClamAV mettant en œuvre l'analyse des fichiers au format RAR permet à un utilisateur distant malintentionné de provoquer un déni de service de l'antivirus vulnérable par le biais d'un fichier RAR construit de façon particulière.

Solution

La version 0.91 de ClamAV corrige le problème :

http://sourceforge.net/project/showfiles.php?group_id=86638

ClamAV versions 0.90 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Rapport de correction d'erreur de ClamAV du 10 juillet 2007	None	vendor-advisory
Bulletin de sécurité Mandriva MDKSA-2007:150 du 25 juillet 2007 :	-	other
Rapport de correction d'erreur de ClamAV du 10 juillet 2007 :	-	other
Bulletin de sécurité Debian DSA-1340 du 24 juillet 2007 :	-	other
Site officiel de ClamAV :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eClamAV versions 0.90 et ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nUne erreur de type pointeur nul dans le composant de ClamAV mettant en\n\u0153uvre l\u0027analyse des fichiers au format RAR permet \u00e0 un utilisateur\ndistant malintentionn\u00e9 de provoquer un d\u00e9ni de service de l\u0027antivirus\nvuln\u00e9rable par le biais d\u0027un fichier RAR construit de fa\u00e7on\nparticuli\u00e8re.\n\n## Solution\n\nLa version 0.91 de ClamAV corrige le probl\u00e8me :\n\n    http://sourceforge.net/project/showfiles.php?group_id=86638\n",
  "cves": [
    {
      "name": "CVE-2007-3725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3725"
    }
  ],
  "initial_release_date": "2007-07-12T00:00:00",
  "last_revision_date": "2007-07-27T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:150 du 25 juillet    2007 :",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:150"
    },
    {
      "title": "Rapport de correction d\u0027erreur de ClamAV du 10    juillet 2007 :",
      "url": "https://www.clamav.net/bugzilla/show_bug.cgi?id=555"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1340 du 24 juillet 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1340"
    },
    {
      "title": "Site officiel de ClamAV :",
      "url": "http://www.clamav.net"
    }
  ],
  "reference": "CERTA-2007-AVI-306",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-07-12T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence CVE et des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Mandriva et Debian.",
      "revision_date": "2007-07-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans ClamAV permet \u00e0 un utilisateur distant de\nprovoquer un d\u00e9ni de service de l\u0027application vuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de ClamAV",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Rapport de correction d\u0027erreur de ClamAV du 10 juillet 2007",
      "url": null
    }
  ]
}

GSD-2007-3725

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-3725

Aliases

CVE-2007-3725

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-3725",
    "description": "The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.",
    "id": "GSD-2007-3725",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-3725.html",
      "https://www.debian.org/security/2007/dsa-1340"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-3725"
      ],
      "details": "The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.",
      "id": "GSD-2007-3725",
      "modified": "2023-12-13T01:21:42.241585Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-3725",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "26231",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26231"
          },
          {
            "name": "clamav-rarvm-dos(35367)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35367"
          },
          {
            "name": "http://kolab.org/security/kolab-vendor-notice-16.txt",
            "refsource": "CONFIRM",
            "url": "http://kolab.org/security/kolab-vendor-notice-16.txt"
          },
          {
            "name": "ADV-2007-2509",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2509"
          },
          {
            "name": "26164",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26164"
          },
          {
            "name": "DSA-1340",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2007/dsa-1340"
          },
          {
            "name": "26226",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26226"
          },
          {
            "name": "26038",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26038"
          },
          {
            "name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html"
          },
          {
            "name": "ADV-2008-0924",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0924/references"
          },
          {
            "name": "GLSA-200708-04",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200708-04.xml"
          },
          {
            "name": "36907",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/36907"
          },
          {
            "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555",
            "refsource": "CONFIRM",
            "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555"
          },
          {
            "name": "MDKSA-2007:150",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:150"
          },
          {
            "name": "29420",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29420"
          },
          {
            "name": "APPLE-SA-2008-03-18",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
          },
          {
            "name": "2007-0023",
            "refsource": "TRUSTIX",
            "url": "http://www.trustix.org/errata/2007/0023/"
          },
          {
            "name": "http://www.metaeye.org/advisories/54",
            "refsource": "MISC",
            "url": "http://www.metaeye.org/advisories/54"
          },
          {
            "name": "26209",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26209"
          },
          {
            "name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/473371/100/0/threaded"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=307562",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=307562"
          },
          {
            "name": "26377",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26377"
          },
          {
            "name": "ADV-2007-2643",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2643"
          },
          {
            "name": "SUSE-SR:2007:015",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3725"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.metaeye.org/advisories/54",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.metaeye.org/advisories/54"
            },
            {
              "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555"
            },
            {
              "name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html"
            },
            {
              "name": "http://kolab.org/security/kolab-vendor-notice-16.txt",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://kolab.org/security/kolab-vendor-notice-16.txt"
            },
            {
              "name": "DSA-1340",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2007/dsa-1340"
            },
            {
              "name": "GLSA-200708-04",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200708-04.xml"
            },
            {
              "name": "MDKSA-2007:150",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:150"
            },
            {
              "name": "SUSE-SR:2007:015",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
            },
            {
              "name": "2007-0023",
              "refsource": "TRUSTIX",
              "tags": [],
              "url": "http://www.trustix.org/errata/2007/0023/"
            },
            {
              "name": "26038",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26038"
            },
            {
              "name": "26164",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26164"
            },
            {
              "name": "26209",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26209"
            },
            {
              "name": "26226",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26226"
            },
            {
              "name": "26231",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26231"
            },
            {
              "name": "26377",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26377"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307562",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=307562"
            },
            {
              "name": "APPLE-SA-2008-03-18",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
            },
            {
              "name": "29420",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29420"
            },
            {
              "name": "ADV-2008-0924",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0924/references"
            },
            {
              "name": "ADV-2007-2509",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2509"
            },
            {
              "name": "ADV-2007-2643",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2643"
            },
            {
              "name": "36907",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/36907"
            },
            {
              "name": "clamav-rarvm-dos(35367)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35367"
            },
            {
              "name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/473371/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-15T21:30Z",
      "publishedDate": "2007-07-12T16:30Z"
    }
  }
}

GHSA-HJXC-GVPM-WH37

Vulnerability from github – Published: 2022-05-01 18:16 – Updated: 2025-04-09 03:43

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-3725"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-07-12T16:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.",
  "id": "GHSA-hjxc-gvpm-wh37",
  "modified": "2025-04-09T03:43:56Z",
  "published": "2022-05-01T18:16:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3725"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35367"
    },
    {
      "type": "WEB",
      "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "type": "WEB",
      "url": "http://kolab.org/security/kolab-vendor-notice-16.txt"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/36907"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26038"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26164"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26209"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26226"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26231"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26377"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200708-04.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2007/dsa-1340"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:150"
    },
    {
      "type": "WEB",
      "url": "http://www.metaeye.org/advisories/54"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/473371/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.trustix.org/errata/2007/0023"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2509"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2643"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-3725

Vulnerability from fkie_nvd - Published: 2007-07-12 16:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=307562
cve@mitre.org	http://kolab.org/security/kolab-vendor-notice-16.txt
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html
cve@mitre.org	http://osvdb.org/36907
cve@mitre.org	http://secunia.com/advisories/26038
cve@mitre.org	http://secunia.com/advisories/26164
cve@mitre.org	http://secunia.com/advisories/26209
cve@mitre.org	http://secunia.com/advisories/26226
cve@mitre.org	http://secunia.com/advisories/26231
cve@mitre.org	http://secunia.com/advisories/26377
cve@mitre.org	http://secunia.com/advisories/29420
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200708-04.xml
cve@mitre.org	http://www.debian.org/security/2007/dsa-1340
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2007:150
cve@mitre.org	http://www.metaeye.org/advisories/54	Exploit, Patch, Vendor Advisory
cve@mitre.org	http://www.novell.com/linux/security/advisories/2007_15_sr.html
cve@mitre.org	http://www.securityfocus.com/archive/1/473371/100/0/threaded
cve@mitre.org	http://www.trustix.org/errata/2007/0023/
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2509
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2643
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0924/references
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/35367
cve@mitre.org	https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307562
af854a3a-2127-422b-91ae-364da2661108	http://kolab.org/security/kolab-vendor-notice-16.txt
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/36907
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26038
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26164
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26209
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26226
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26231
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26377
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29420
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200708-04.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2007/dsa-1340
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2007:150
af854a3a-2127-422b-91ae-364da2661108	http://www.metaeye.org/advisories/54	Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_15_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/473371/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.trustix.org/errata/2007/0023/
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2509
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2643
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0924/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/35367
af854a3a-2127-422b-91ae-364da2661108	https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555

Impacted products

Vendor	Product	Version
clam_anti-virus	clamav	0.15
clam_anti-virus	clamav	0.20
clam_anti-virus	clamav	0.21
clam_anti-virus	clamav	0.22
clam_anti-virus	clamav	0.23
clam_anti-virus	clamav	0.24
clam_anti-virus	clamav	0.51
clam_anti-virus	clamav	0.52
clam_anti-virus	clamav	0.53
clam_anti-virus	clamav	0.54
clam_anti-virus	clamav	0.60
clam_anti-virus	clamav	0.60p
clam_anti-virus	clamav	0.65
clam_anti-virus	clamav	0.67
clam_anti-virus	clamav	0.68
clam_anti-virus	clamav	0.68.1
clam_anti-virus	clamav	0.70
clam_anti-virus	clamav	0.71
clam_anti-virus	clamav	0.72
clam_anti-virus	clamav	0.73
clam_anti-virus	clamav	0.74
clam_anti-virus	clamav	0.75
clam_anti-virus	clamav	0.75.1
clam_anti-virus	clamav	0.80
clam_anti-virus	clamav	0.80_rc1
clam_anti-virus	clamav	0.80_rc2
clam_anti-virus	clamav	0.80_rc3
clam_anti-virus	clamav	0.80_rc4
clam_anti-virus	clamav	0.81
clam_anti-virus	clamav	0.81_rc1
clam_anti-virus	clamav	0.82
clam_anti-virus	clamav	0.83
clam_anti-virus	clamav	0.84
clam_anti-virus	clamav	0.84_rc1
clam_anti-virus	clamav	0.84_rc2
clam_anti-virus	clamav	0.85
clam_anti-virus	clamav	0.85.1
clam_anti-virus	clamav	0.86
clam_anti-virus	clamav	0.86.1
clam_anti-virus	clamav	0.86.2
clam_anti-virus	clamav	0.86_rc1
clam_anti-virus	clamav	0.87
clam_anti-virus	clamav	0.87.1
clam_anti-virus	clamav	0.88
clam_anti-virus	clamav	0.88.1
clam_anti-virus	clamav	0.88.3
clam_anti-virus	clamav	0.88.4
clam_anti-virus	clamav	0.88.5
clam_anti-virus	clamav	0.88.6
clam_anti-virus	clamav	0.88.7
clam_anti-virus	clamav	0.90
clam_anti-virus	clamav	0.90_rc1.1
clam_anti-virus	clamav	0.90_rc2
clam_anti-virus	clamav	0.90_rc3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C9A0FA4-A4AE-4C90-98DA-8AF5ABB03CE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0E9BC10-5F5B-499A-893C-1EEF6F1180B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "06A9B47A-8FC3-4BD2-A55F-9150307619B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "7068873F-E45D-4471-B55E-BF7B0E3AFEEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "695F0967-1529-42DB-8978-8B9192F7F615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "073BBAA9-7C7B-4D07-8943-7459DD2BAAC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*",
              "matchCriteriaId": "35EBA938-DC66-40EA-8C66-38296AB57B57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
              "matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "3033A4A2-47E9-434F-BA0A-0F2476A67899",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "4680089D-DEFB-41E3-AFAF-6DA9252F2DCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "307ED99C-32B8-4C0C-8C55-E2BA6EDB961F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEF4F0DE-DC05-4F06-BC2D-09BAEAB25184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C1EDFB4-B0C8-4832-BCA1-C35D28877581",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A4541A-2560-482A-BAEA-275579B499B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9006F64F-D72B-49C4-9F51-8AD9273957B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5698AB2-94DE-480D-9E55-C05871562B8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A44C0C8F-750B-4237-9E2F-1BEF67F2BCA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4CBE9C9-A1DE-4C68-B84D-C735A9A700E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
              "matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
              "matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
              "matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E389E1C-46A6-4B5C-9091-8AAE5FFDC4B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0138546B-3704-45FB-8115-05C12F9935D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D87DA1D8-59AC-4372-BBFC-ED8BC6603AAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F56722F-F61A-404B-B0B2-1C92C22D0436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D00EBC44-B4AB-443F-A063-8C8CB64F5F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB68680-FA6D-4235-90DA-E3DF0E5BB666",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E5BCBA5-0CE1-4112-8C3D-BAED9C5537B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3908B34C-823E-47BA-8A64-23547D2AB027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "557C5437-4B40-4E89-A23D-96B95829281D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3394AD1-C667-46E7-82D3-E2E381CCC9FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B116E9A-0646-4AD5-A531-C35124AB02DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F3C25BA-72EF-4588-A90A-B323A3407FAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01FDAEBC-0B2E-4F60-8B59-13A93B1AF206",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo RAR VM (unrarvm.c) de Clam Antivirus (ClamAV) anterior a 0.91 permite a atacantes remotos con la intervenci\u00f3n del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante un archivo RAR manipulado, resultando en una referencia a punero nulo (NULL)."
    }
  ],
  "id": "CVE-2007-3725",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-07-12T16:30:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://kolab.org/security/kolab-vendor-notice-16.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/36907"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26038"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26164"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26209"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26226"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26231"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26377"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200708-04.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1340"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:150"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.metaeye.org/advisories/54"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/473371/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.trustix.org/errata/2007/0023/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2509"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2643"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35367"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kolab.org/security/kolab-vendor-notice-16.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/36907"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26038"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200708-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1340"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.metaeye.org/advisories/54"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/473371/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trustix.org/errata/2007/0023/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35367"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-3725 (GCVE-0-2007-3725)

CERTA-2008-AVI-148

Description

Solution

CERTA-2007-AVI-306

Description

Solution

GSD-2007-3725

GHSA-HJXC-GVPM-WH37

FKIE_CVE-2007-3725

Tags

Sightings

Nomenclature