Unrated severityNVD Advisory· Published Aug 28, 2007· Updated Apr 23, 2026
CVE-2007-4577
CVE-2007-4577
Description
Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
Affected products
37cpe:2.3:a:sophos:anti-virus:3.4.6:*:*:*:*:*:*:*+ 32 more
- cpe:2.3:a:sophos:anti-virus:3.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.78:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.78d:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.79:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.80:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.81:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.82:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.83:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.84:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.85:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.86:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.90:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.91:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.95:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:3.96.0:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.03:*:linux:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.04:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.05:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:4.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.0.9:*:linux:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:anti-virus:6.5:*:*:*:*:*:*:*
cpe:2.3:a:sophos:scanning_engine:2.30.4:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sophos:scanning_engine:2.30.4:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:scanning_engine:2.40.2:*:*:*:*:*:*:*
cpe:2.3:a:sophos:small_business_suite:4.04:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sophos:small_business_suite:4.04:*:*:*:*:*:*:*
- cpe:2.3:a:sophos:small_business_suite:4.05:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- secunia.com/advisories/26580nvdPatchVendor Advisory
- securityreason.com/securityalert/3073nvd
- securitytracker.com/idnvd
- www.nruns.com/security_advisory_sophos_gzip_infinite_loop_dos.phpnvd
- www.securityfocus.com/archive/1/477727/100/0/threadednvd
- www.securityfocus.com/bid/25428nvd
- www.sophos.com/support/knowledgebase/article/28407.htmlnvd
- www.vupen.com/english/advisories/2007/2972nvd
News mentions
0No linked articles in our index yet.