Denial of Service Vulnerability in Sophos Anti-Virus for Unix/Linux
CVE-2007-4577

Currently unrated

Key Information:

Vendor: Sophos
Status: Anti-virus; Small Business Suite; Scanning Engine
Vendor: CVE Published:; 28 August 2007

What is CVE-2007-4577?

A vulnerability in Sophos Anti-Virus for Unix/Linux prior to version 2.48.0 allows remote attackers to trigger a denial of service by sending a specially crafted BZip file. This can lead to an infinite loop in the BZip file processing, resulting in the generation of numerous temporary files within the antivirus engine, ultimately disrupting system performance and availability.

References

http://www.vupen.com/english/advisories/2007/2972

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/25428

vdb-entryx_refsource_BID

http://secunia.com/advisories/26580

third-party-advisoryx_refsource_SECUNIA

EPSS Score

5% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2007
Vulnerability Reserved
Aug 28, 2007