CVE-2007-6336 Common Vulnerabilities and Exposures

Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	Partial

SUSE Bugzilla entry: 343277 [RESOLVED / WONTFIX]

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Server 11 SP1	`clamav >= 0.96-0.12.1`	Patchnames: SUSE Linux Enterprise Server 11 SP1 GA clamav-0.96-0.12.1
SUSE Linux Enterprise Server 11 SP2	`clamav >= 0.97.3-0.2.1`	Patchnames: SUSE Linux Enterprise Server 11 SP2 GA clamav-0.97.3-0.2.1
SUSE Linux Enterprise Server 11 SP3	`clamav >= 0.97.7-0.3.1`	Patchnames: SUSE Linux Enterprise Server 11 SP3 GA clamav-0.97.7-0.3.1
SUSE Linux Enterprise Server 11 SP4	`clamav >= 0.98.7-0.3.1`	Patchnames: SUSE Linux Enterprise Server 11 SP4 GA clamav-0.98.7-0.3.1
openSUSE Tumbleweed	`clamav >= 0.103.3-1.4` `clamav-devel >= 0.103.3-1.4` `clamav-milter >= 0.103.3-1.4` `libclamav9 >= 0.103.3-1.4` `libfreshclam2 >= 0.103.3-1.4`	Patchnames: openSUSE-Tumbleweed-2024-10685

CVE page created: Tue Jul 9 16:44:10 2013
CVE page last modified: Fri Sep 20 13:11:11 2024