Vulnerability Description
Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ext2 Filesystems Utilities | E2Fsprogs | <= 1.40.2 |
Related Weaknesses (CWE)
References
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
- http://lists.vmware.com/pipermail/security-announce/2008/000007.html
- http://secunia.com/advisories/27889 (Vendor Advisory)
- http://secunia.com/advisories/27965 (Vendor Advisory)
- http://secunia.com/advisories/27987 (Vendor Advisory)
- http://secunia.com/advisories/28000 (Vendor Advisory)
- http://secunia.com/advisories/28030 (Vendor Advisory)
- http://secunia.com/advisories/28042 (Vendor Advisory)
- http://secunia.com/advisories/28360 (Vendor Advisory)
- http://secunia.com/advisories/28541 (Vendor Advisory)
- http://secunia.com/advisories/28648 (Vendor Advisory)
- http://secunia.com/advisories/29224 (Vendor Advisory)
- http://secunia.com/advisories/32774
- http://secunia.com/advisories/40551 (Vendor Advisory)
- http://sourceforge.net/project/shownotes.php?release_id=560230&group_id=2406
FAQ
What is CVE-2007-5497?
CVE-2007-5497 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.
How severe is CVE-2007-5497?
CVE-2007-5497 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-5497?
Check the references section above for vendor advisories and patch information. Affected products include: Ext2 Filesystems Utilities E2Fsprogs.