CVE-2007-4578
Sophos Anti-Virus - Denial of Service via UPX Packed File Integer Cast
Title source: llmDescription
Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable.
References (10)
Core 10
Core References
Various Sources x_refsource_misc
http://www.nruns.com/security_advisory_sophos_upx_infinite_loop_dos.php
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2972
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25428
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26580
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/477864/100/0/threaded
Patch x_refsource_confirm
http://www.sophos.com/support/knowledgebase/article/28407.html
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3072
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/477882/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/477720/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1018608
Scores
EPSS
0.0934
EPSS Percentile
92.9%
Details
CWE
CWE-189
Status
published
Products (36)
sophos/anti-virus
3.4.6
sophos/anti-virus
3.78
sophos/anti-virus
3.78d
sophos/anti-virus
3.79
sophos/anti-virus
3.80
sophos/anti-virus
3.81
sophos/anti-virus
3.82
sophos/anti-virus
3.83
sophos/anti-virus
3.84
sophos/anti-virus
3.85
... and 26 more
Published
Aug 28, 2007
Tracked Since
Feb 18, 2026