VYPR
Unrated severity · NVD Advisory · Published Dec 20, 2007 · Updated Apr 23, 2026

CVE-2007-6336

Description

Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Off-by-one error in ClamAV before 0.92 allows remote code execution via a crafted MS-ZIP compressed CAB file.

Vulnerability

An off-by-one error exists in ClamAV versions prior to 0.92 when decompressing MS-ZIP compressed CAB files. This flaw resides in the CAB decompression code and can be triggered when scanning a specially crafted file. All versions before 0.92 are affected [1].

Exploitation

A remote attacker can craft a malicious CAB file using MS-ZIP compression. If a user or automated system (e.g., a mail gateway) scans this file with a vulnerable ClamAV version, the off-by-one error is triggered. No authentication or special privileges are required; the attack relies on the target processing the file [1].
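An added triage example (not from the advisory or the ClamAV project): it reads a cabinet's CFHEADER and CFFOLDER records and reports each folder's compression type, so files that a scanner would hand to its MS-ZIP decompressor can be identified in a queue or quarantine. The field layout follows the Microsoft Cabinet format; the function names and the header-only sample are constructed for illustration.

```python
import struct

# Low 4 bits of CFFOLDER.typeCompress in the Microsoft Cabinet format.
COMPRESSION = {0: "none", 1: "MSZIP", 2: "Quantum", 3: "LZX"}

def skip_cstr(buf, off):
    """Return the offset just past a NUL-terminated string."""
    return buf.index(b"\0", off) + 1  # ValueError if unterminated

def cab_folder_compression(buf):
    """List the compression type of every folder in a cabinet.
    Raises ValueError if the header is not a well-formed CAB header."""
    if len(buf) < 36 or buf[:4] != b"MSCF":
        raise ValueError("not a cabinet file")
    n_folders, _n_files, flags = struct.unpack_from("<HHH", buf, 26)
    off, folder_reserve = 36, 0
    if flags & 0x0004:  # optional reserve sizes follow the fixed header
        if len(buf) < off + 4:
            raise ValueError("truncated reserve header")
        hdr_reserve, folder_reserve, _ = struct.unpack_from("<HBB", buf, off)
        off += 4 + hdr_reserve
    for bit in (0x0001, 0x0002):  # previous / next cabinet: name + disk label
        if flags & bit:
            off = skip_cstr(buf, skip_cstr(buf, off))
    kinds = []
    for _ in range(n_folders):
        if off + 8 > len(buf):
            raise ValueError("truncated CFFOLDER table")
        type_compress = struct.unpack_from("<H", buf, off + 6)[0]
        kinds.append(COMPRESSION.get(type_compress & 0x000F, "unknown"))
        off += 8 + folder_reserve  # skip per-folder reserve bytes
    return kinds

def uses_mszip(buf):
    """True if any folder in the cabinet is MS-ZIP compressed."""
    return "MSZIP" in cab_folder_compression(buf)

def sample_cab(type_compress):
    """Constructed header-only cabinet: one folder, no files, no data."""
    header = struct.pack("<4sIIIIIBBHHHHH", b"MSCF", 0, 44, 0, 44, 0,
                         3, 1, 1, 0, 0, 0, 0)
    return header + struct.pack("<IHH", 44, 0, type_compress)

if __name__ == "__main__":
    for kind in (0, 1, 3):
        print(kind, cab_folder_compression(sample_cab(kind)))
```
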

Impact

Successful exploitation allows arbitrary code execution with the privileges of the user running ClamAV. That may be a system user, or the clamav user if clamd is compromised, and it leads to full compromise of the scanning process and potential system access [1].

Mitigation

Upgrade to ClamAV 0.92 or later. Gentoo users can install >=app-antivirus/clamav-0.91.2-r1 as a patched version. No known workaround exists for unpatched installations [1].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

19
