Description
Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
References (8)
Core 8
Core References
Various Sources x_refsource_confirm
http://www.sophos.com/support/knowledgebase/article/28407.html
Various Sources x_refsource_misc
http://www.nruns.com/security_advisory_sophos_gzip_infinite_loop_dos.php
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2972
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25428
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26580
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3073
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/477727/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1018608
Scores
EPSS
0.0556
EPSS Percentile
90.4%
Details
CWE
CWE-399
Status
published
Products (36)
sophos/anti-virus
3.4.6
sophos/anti-virus
3.78
sophos/anti-virus
3.78d
sophos/anti-virus
3.79
sophos/anti-virus
3.80
sophos/anti-virus
3.81
sophos/anti-virus
3.82
sophos/anti-virus
3.83
sophos/anti-virus
3.84
sophos/anti-virus
3.85
... and 26 more
Published
Aug 28, 2007
Tracked Since
Feb 18, 2026