Unrated severityNVD Advisory· Published May 31, 2007· Updated Apr 23, 2026

CVE-2007-2966

Description

Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.

Affected products

F-Secure/Anti Virus10 versions
cpe:2.3:a:f-secure:f-secure_anti-virus:2005:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:f-secure:f-secure_anti-virus:2005:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_anti-virus:2006:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_anti-virus:2007:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_anti-virus:*:*:citrix_servers:*:*:*:*:*range: <=5.52
- cpe:2.3:a:f-secure:f-secure_anti-virus:*:*:linux_gateways:*:*:*:*:*range: <=4.65
- cpe:2.3:a:f-secure:f-secure_anti-virus:*:*:linux_servers:*:*:*:*:*range: <=4.65
- cpe:2.3:a:f-secure:f-secure_anti-virus:*:*:mimesweeper:*:*:*:*:*range: <=5.61
- cpe:2.3:a:f-secure:f-secure_anti-virus:*:*:ms_exchange:*:*:*:*:*range: <=6.40
- cpe:2.3:a:f-secure:f-secure_anti-virus:*:*:windows_servers:*:*:*:*:*range: <=5.42
- cpe:2.3:a:f-secure:f-secure_anti-virus:*:*:workstations:*:*:*:*:*range: <=5.44
F-Secure/F Secure Anti Virus Client Security
cpe:2.3:a:f-secure:f-secure_anti-virus_client_security:*:*:*:*:*:*:*:*
Range: <=6.03
F-Secure/F Secure Anti Virus Linux Client Security
cpe:2.3:a:f-secure:f-secure_anti-virus_linux_client_security:*:*:*:*:*:*:*:*
Range: <=5.30
F-Secure/F Secure Anti Virus Linux Server Security
cpe:2.3:a:f-secure:f-secure_anti-virus_linux_server_security:*:*:*:*:*:*:*:*
Range: <=5.30
F-Secure/Internet Security3 versions
cpe:2.3:a:f-secure:f-secure_internet_security:2005:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:f-secure:f-secure_internet_security:2005:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_internet_security:2006:*:*:*:*:*:*:*
- cpe:2.3:a:f-secure:f-secure_internet_security:2007:*:*:*:*:*:*:*
F-Secure/F Secure Protection Service
cpe:2.3:a:f-secure:f-secure_protection_service:*:*:consumers:*:*:*:*:*
Range: <=6.40
F-Secure/Internet Gatekeeper2 versions
cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*range: <=6.60
- cpe:2.3:a:f-secure:internet_gatekeeper:*:*:linux:*:*:*:*:*range: <=2.16

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/25426nvdPatchVendor Advisory
www.f-secure.com/security/fsc-2007-1.shtmlnvdPatchVendor Advisory
osvdb.org/36724nvd
securitytracker.com/idnvd
www.nruns.com/security_advisory_fsecure_lzh.phpnvd
www.securityfocus.com/archive/1/470256/100/0/threadednvd
www.securityfocus.com/bid/24235nvd
www.securitytracker.com/idnvd
www.securitytracker.com/idnvd
www.vupen.com/english/advisories/2007/1985nvd
exchange.xforce.ibmcloud.com/vulnerabilities/34575nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000