Vulnerabilities: Sophos Scanning Engine 2.30.4

DATE | CVE | VULNERABILITY TITLE | RISK

2007-09-10 | CVE-2007-4787 | Improper Input Validation vulnerability in Sophos Scanning Engine and Sophos Anti-Virus | 5.0
The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection.
Access: network; complexity: low; vendor: sophos; weakness: CWE-20

2007-08-28 | CVE-2007-4578 | Numeric Errors vulnerability in Sophos Anti-Virus, Scanning Engine and Small Business Suite | 6.8
Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around".
Access: network; vendor: sophos; weakness: CWE-189

2007-08-28 | CVE-2007-4577 | Resource Management Errors vulnerability in Sophos Anti-Virus, Scanning Engine and Small Business Suite | 7.8
Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
Access: network; complexity: low; vendor: sophos; weakness: CWE-399