Launchpad.net

CVE 2007-1997

Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.

Related bugs and status

CVE-2007-1997 (Candidate) is related to these bugs:

Bug #190187: Dapper clamav has multiple security issues that require upgrade to new version to fix

Summary				In	Importance	Status
	190187	Dapper clamav has multiple security issues that require upgrade to new version to fix		clamav (Ubuntu)	Undecided	Fix Released
	190187	Dapper clamav has multiple security issues that require upgrade to new version to fix		clamav (Ubuntu Dapper)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

IDEFENSE: 20070416 Clam AntiViru...
CONFIRM: http://sourceforge.net...
BID: 23473
SECTRACK: 1017921
SECUNIA: 24891
CONFIRM: http://support.novell....
GENTOO: GLSA-200704-21
SUSE: SUSE-SA:2007:026
TRUSTIX: 2007-0013
SECUNIA: 24920
SECUNIA: 24946
SECUNIA: 24996
SECUNIA: 25022
DEBIAN: DSA-1281
SECUNIA: 25028
SECUNIA: 25189
MANDRIVA: MDKSA-2007:098
CONFIRM: http://docs.info.apple...
APPLE: APPLE-SA-2008-03-18
SECUNIA: 29420
VUPEN: ADV-2007-1378
VUPEN: ADV-2008-0924
XF: clamav-cabunstore-cabe...