PT-2007-7497 · Theodore Ts'O+1 · Uuid-Dev+13
Rafal Wojtczuk · Published 1970-01-01 · Updated 2024-06-15 · CVE-2007-5497
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
e2fsprogs versions prior to 1.40.3
e2fsprogs-devel versions prior to 1.40.3
e2fsprogs-libs versions prior to 1.40.3
libss2 versions (affected versions not specified)
libuuid1-udeb versions (affected versions not specified)
libcomerr2 versions (affected versions not specified)
uuid-dev versions (affected versions not specified)
comerr-dev versions (affected versions not specified)
libuuid1 versions (affected versions not specified)
e2fsck-static versions (affected versions not specified)
e2fslibs versions (affected versions not specified)
e2fslibs-dev versions (affected versions not specified)
e2fsprogs-udeb versions (affected versions not specified)
Description
Multiple integer overflows in libext2fs in e2fsprogs can allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image. Exploitation can violate the confidentiality and integrity of protected information, and it can be carried out remotely.
Recommendations
For e2fsprogs versions prior to 1.40.3, update to version 1.40.3 or later.
For e2fsprogs-devel versions prior to 1.40.3, update to version 1.40.3 or later.
For e2fsprogs-libs versions prior to 1.40.3, update to version 1.40.3 or later.
For libss2, libuuid1-udeb, libcomerr2, uuid-dev, comerr-dev, libuuid1, e2fsck-static, e2fslibs, e2fslibs-dev, and e2fsprogs-udeb, no information is currently available about a newer version that contains a fix for this vulnerability.
Affected Products
Red Hat
Comerr-Dev
E2Fsck-Static
E2Fslibs
E2Fslibs-Dev
E2Fsprogs
E2Fsprogs-Devel
E2Fsprogs-Libs
E2Fsprogs-Udeb
Libcomerr2
Libssh2
Libuuid1
Libuuid1-Udeb
Uuid-Dev