CVE-2007-6335
clamav - several vulnerabilities
EPSS 40.4%
Description
Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.
How to fix CVE-2007-6335
To remediate CVE-2007-6335, upgrade the affected package to one of the fixed versions listed below.
- Debian/clamav—upgrade to 0.92~dfsg-1~volatile2 or later
- Debian/clamav—upgrade to 0.90.1-3etch8 or later
- Debian/clamav—upgrade to 0.91.2-4.0lenny1 or later
Is CVE-2007-6335 being exploited?
Moderate: EPSS is 40.4%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (3)
- Debian/clamav: from 0, < 0.92~dfsg-1~volatile2
- Debian/clamav: from 0, < 0.90.1-3etch8
- Debian/clamav: from 0, < 0.91.2-4.0lenny1