CVE-2007-5497
e2fsprogs - multiple integer overflows
EPSS 3.0%
Description
Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.
How to fix CVE-2007-5497
To remediate CVE-2007-5497, upgrade the affected package to one of the fixed versions listed below.
- Debian/e2fsprogs—upgrade to 1.40.3-1 or later
- Debian/e2fsprogs—upgrade to 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 or later
- Debian/e2fsprogs—upgrade to 1.40.2-1+lenny1 or later
Is CVE-2007-5497 being exploited?
Low — EPSS is 3.0%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.40.3-1
- from 0, < 1.39+1.40-WIP-2006.11.14+dfsg-2etch1
- from 0, < 1.40.2-1+lenny1