CVE-2007-6595
clamav - several vulnerabilities
EPSS 0.05%
Description
ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.
How to fix CVE-2007-6595
To remediate CVE-2007-6595, upgrade the affected package to a fixed version below.
- Debian/clamav: upgrade to 0.92.1~dfsg-1 or later
- Debian/clamav: upgrade to 0.90.1dfsg-3etch10 or later
Is CVE-2007-6595 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/clamav: from 0, < 0.92.1~dfsg-1
- Debian/clamav: from 0, < 0.90.1dfsg-3etch10