| Name | CVE-2007-1673 |
| Description | unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 424686, 424690 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| zoo (PTS) | jessie | 2.10-27 | fixed |
| stretch | 2.10-28 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| unzoo | source | (unstable) | 4.4-7 | | | 424690 |
| zoo | source | (unstable) | 2.10-19 | | | 424686 |
Notes
[sarge] - zoo <no-dsa> (Minor issue)
[etch] - zoo <no-dsa> (Minor issue)
[sarge] - unzoo <no-dsa> (Minor issue)
[etch] - unzoo <no-dsa> (Minor issue)