CVE-2007-1745
clamav - several vulnerabilities
EPSS 2.8%
Description
The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.
How to fix CVE-2007-1745
To remediate CVE-2007-1745, upgrade the affected package to the fixed version for your release, listed below.
- Debian/clamav—upgrade to 0.90.2-1 or later
- Debian/clamav—upgrade to 0.84-2.sarge.16 or later
- —upgrade to 0.90.1-3lenny2 or later
Is CVE-2007-1745 being exploited?
Low — EPSS is 2.8%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 0.90.2-1
- from 0, < 0.84-2.sarge.16
- from 0, < 0.90.1-3lenny2