Red Hat Bugzilla – Bug 236703
possible vulnerabilities CVE-2007-1745
Last modified: 2007-11-30 17:12:02 EST
for more details.
The update to 0.90.2 will fix it.
Copy from bug #230075 comment #35:
0.88.7-2 should not be vulnerable to the issues fixed by 0.90.2.
CHM fd leak does not seem to be triggerable by attackers (happens only when an
'fdopen()' fails, and there is a test whether open(2) returns !0 instead of <0).
0.90.x executes other code which might lead to the fd leak.
CAB scanning was disabled by the fix for CVE-2007-0897, and 0.88.7 does not
contain code for PDF scanning overall.
*** Bug 236948 has been marked as a duplicate of this bug. ***