It was discovered that the OLE2 parser can be tricked into an infinite
loop and memory exhaustion.
CVE-2007-3023
It was discovered that the NsPack decompression code performed
insufficient sanitising on an internal length variable, resulting in
a potential buffer overflow.
CVE-2007-3024
It was discovered that temporary files were created with insecure
permissions, resulting in information disclosure.
CVE-2007-3122
It was discovered that the decompression code for RAR archives allows
bypassing a scan of a RAR archive due to insufficient validity checks.
CVE-2007-3123
It was discovered that the decompression code for RAR archives performs
insufficient validation of header values, resulting in a buffer overflow.
For the oldstable distribution (sarge) these problems have been fixed in
version 0.84-2.sarge.17. Please note that the fix for CVE-2007-3024 hasn't
been backported to oldstable.
For the stable distribution (etch) these prob...
Get the latest Linux and open source security news straight to your inbox.