CVE-2007-0619 (GCVE-0-2007-0619)

Vulnerability from cvelistv5 – Published: 2007-01-31 11:00 – Updated: 2024-08-07 12:26
VLAI?
Summary
chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://securitytracker.com/id?1017565 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/23975 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/0361 vdb-entryx_refsource_VUPEN
http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/22258 vdb-entryx_refsource_BID
http://secunia.com/advisories/24335 third-party-advisoryx_refsource_SECUNIA
http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
http://security.gentoo.org/glsa/glsa-200702-12.xml vendor-advisoryx_refsource_GENTOO
http://morte.jedrea.com/~jedwin/projects/chmlib/ x_refsource_CONFIRM
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:26:53.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1017565",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017565"
          },
          {
            "name": "23975",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23975"
          },
          {
            "name": "ADV-2007-0361",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0361"
          },
          {
            "name": "SUSE-SR:2007:003",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_3_sr.html"
          },
          {
            "name": "22258",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22258"
          },
          {
            "name": "24335",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24335"
          },
          {
            "name": "20070126 Multiple Vendor libchm Page Block Length Memory Corruption Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=468"
          },
          {
            "name": "GLSA-200702-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200702-12.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://morte.jedrea.com/~jedwin/projects/chmlib/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-02-28T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1017565",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017565"
        },
        {
          "name": "23975",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23975"
        },
        {
          "name": "ADV-2007-0361",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0361"
        },
        {
          "name": "SUSE-SR:2007:003",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_3_sr.html"
        },
        {
          "name": "22258",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22258"
        },
        {
          "name": "24335",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24335"
        },
        {
          "name": "20070126 Multiple Vendor libchm Page Block Length Memory Corruption Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=468"
        },
        {
          "name": "GLSA-200702-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200702-12.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://morte.jedrea.com/~jedwin/projects/chmlib/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0619",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1017565",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017565"
            },
            {
              "name": "23975",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23975"
            },
            {
              "name": "ADV-2007-0361",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0361"
            },
            {
              "name": "SUSE-SR:2007:003",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_3_sr.html"
            },
            {
              "name": "22258",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22258"
            },
            {
              "name": "24335",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24335"
            },
            {
              "name": "20070126 Multiple Vendor libchm Page Block Length Memory Corruption Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=468"
            },
            {
              "name": "GLSA-200702-12",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200702-12.xml"
            },
            {
              "name": "http://morte.jedrea.com/~jedwin/projects/chmlib/",
              "refsource": "CONFIRM",
              "url": "http://morte.jedrea.com/~jedwin/projects/chmlib/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0619",
    "datePublished": "2007-01-31T11:00:00",
    "dateReserved": "2007-01-30T00:00:00",
    "dateUpdated": "2024-08-07T12:26:53.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:chmlib:chmlib:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.38\", \"matchCriteriaId\": \"BCC837C5-897A-48E3-96E4-6584DA19427D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.\"}, {\"lang\": \"es\", \"value\": \"chmlib anterior a la 0.39 permite a atacantes con la intervenci\\u00f3n del usuario ejecutar c\\u00f3digo de su elecci\\u00f3n mediante la manipulaci\\u00f3n de un largo bloque de una p\\u00e1gina en el fichero CHM, lo que dispara una corrupci\\u00f3n de memoria.\"}]",
      "evaluatorSolution": "Update to version 0.39.",
      "id": "CVE-2007-0619",
      "lastModified": "2024-11-21T00:26:19.567",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2007-01-31T11:28:00.000",
      "references": "[{\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=468\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://morte.jedrea.com/~jedwin/projects/chmlib/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/23975\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/24335\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200702-12.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1017565\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2007_3_sr.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/22258\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0361\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=468\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://morte.jedrea.com/~jedwin/projects/chmlib/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/23975\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/24335\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200702-12.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1017565\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2007_3_sr.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/22258\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0361\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0619\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-01-31T11:28:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.\"},{\"lang\":\"es\",\"value\":\"chmlib anterior a la 0.39 permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante la manipulaci\u00f3n de un largo bloque de una p\u00e1gina en el fichero CHM, lo que dispara una corrupci\u00f3n de memoria.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:chmlib:chmlib:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.38\",\"matchCriteriaId\":\"BCC837C5-897A-48E3-96E4-6584DA19427D\"}]}]}],\"references\":[{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=468\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://morte.jedrea.com/~jedwin/projects/chmlib/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/23975\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/24335\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200702-12.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1017565\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_3_sr.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/22258\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0361\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=468\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://morte.jedrea.com/~jedwin/projects/chmlib/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/23975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/24335\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200702-12.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1017565\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_3_sr.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/22258\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0361\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"Update to version 0.39.\"}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.