Upstream information
CVE-2007-5497 at MITRE
Description
Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
CVSS v2 Scores
| CVSS detail | National Vulnerability Database |
|---|
| Base Score | 5.8 |
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | None |
SUSE Bugzilla entry:
340473 [RESOLVED / FIXED]
SUSE Security Advisories:
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4 | e2fsprogs-devel >= 1.41.9-2.14.3libcom_err-devel >= 1.41.9-2.14.3libcom_err-devel-32bit >= 1.41.9-2.14.3libext2fs-devel >= 1.41.9-2.14.3libext2fs-devel-32bit >= 1.41.9-2.14.3libext2fs2-32bit >= 1.41.9-2.14.3libext2fs2-x86 >= 1.41.9-2.14.3
| Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA e2fsprogs-devel-1.41.9-2.14.3 |
| SUSE Linux Enterprise Server 11 SP1 | e2fsprogs >= 1.41.9-2.1.51libcom_err2 >= 1.41.9-2.1.51libcom_err2-32bit >= 1.41.9-2.1.51libcom_err2-x86 >= 1.41.9-2.1.51libext2fs2 >= 1.41.9-2.1.51
| Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA e2fsprogs-1.41.9-2.1.51 |
| SUSE Linux Enterprise Server 11 SP2 | e2fsprogs >= 1.41.9-2.7.1libcom_err2 >= 1.41.9-2.7.1libcom_err2-32bit >= 1.41.9-2.7.1libcom_err2-x86 >= 1.41.9-2.7.1libext2fs2 >= 1.41.9-2.7.1
| Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA e2fsprogs-1.41.9-2.7.1 |
| SUSE Linux Enterprise Server 11 SP3 | e2fsprogs >= 1.41.9-2.9.1libcom_err2 >= 1.41.9-2.9.1libcom_err2-32bit >= 1.41.9-2.9.1libcom_err2-x86 >= 1.41.9-2.9.1libext2fs2 >= 1.41.9-2.9.1
| Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA e2fsprogs-1.41.9-2.9.1 |
| SUSE Linux Enterprise Server 11 SP4 | e2fsprogs >= 1.41.9-2.14.3e2fsprogs-devel >= 1.41.9-2.14.3libcom_err-devel >= 1.41.9-2.14.3libcom_err-devel-32bit >= 1.41.9-2.14.3libcom_err2 >= 1.41.9-2.14.3libcom_err2-32bit >= 1.41.9-2.14.3libcom_err2-x86 >= 1.41.9-2.14.3libext2fs-devel >= 1.41.9-2.14.3libext2fs-devel-32bit >= 1.41.9-2.14.3libext2fs2 >= 1.41.9-2.14.3libext2fs2-32bit >= 1.41.9-2.14.3libext2fs2-x86 >= 1.41.9-2.14.3
| Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA e2fsprogs-1.41.9-2.14.3
SUSE Linux Enterprise Software Development Kit 11 SP4 GA e2fsprogs-devel-1.41.9-2.14.3 |
| SUSE Linux Enterprise Server 16.0 | e2fsprogs >= 1.47.0-160000.3.2e2fsprogs-devel >= 1.47.0-160000.3.2e2fsprogs-scrub >= 1.47.0-160000.3.2fuse2fs >= 1.47.0-160000.3.2libcom_err-devel >= 1.47.0-160000.3.2libcom_err-devel-static >= 1.47.0-160000.3.2libcom_err2 >= 1.47.0-160000.3.2libext2fs-devel >= 1.47.0-160000.3.2libext2fs-devel-static >= 1.47.0-160000.3.2libext2fs2 >= 1.47.0-160000.3.2
| Patchnames:
SUSE Linux Enterprise Server 16.0 GA e2fsprogs-1.47.0-160000.3.2 |
| SUSE Linux Micro 6.0 | e2fsprogs >= 1.47.0-2.3libcom_err2 >= 1.47.0-2.3libext2fs2 >= 1.47.0-2.3
| Patchnames:
SUSE Linux Micro 6.0 GA e2fsprogs-1.47.0-2.3 |
| SUSE Linux Micro 6.1 | e2fsprogs >= 1.47.0-slfo.1.1_1.2libcom_err2 >= 1.47.0-slfo.1.1_1.2libext2fs2 >= 1.47.0-slfo.1.1_1.2
| Patchnames:
SUSE Linux Micro 6.1 GA e2fsprogs-1.47.0-slfo.1.1_1.2 |
| openSUSE Tumbleweed | e2fsprogs >= 1.46.4-1.1e2fsprogs-devel >= 1.46.4-1.1e2fsprogs-scrub >= 1.46.4-1.1libcom_err-devel >= 1.46.4-1.1libcom_err-devel-32bit >= 1.46.4-1.1libcom_err-devel-static >= 1.46.4-1.1libcom_err2 >= 1.46.4-1.1libcom_err2-32bit >= 1.46.4-1.1libext2fs-devel >= 1.46.4-1.1libext2fs-devel-32bit >= 1.46.4-1.1libext2fs-devel-static >= 1.46.4-1.1libext2fs2 >= 1.46.4-1.1libext2fs2-32bit >= 1.46.4-1.1
| Patchnames:
openSUSE-Tumbleweed-2024-10731 |
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 16:22:19 2013
CVE page last modified: Sun Nov 2 12:18:12 2025
