CVE-2007-4577

Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").

Published: Aug 28, 2007
Updated: Nov 9, 2025
CVE: CVE-2007-4577
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
sophos / anti-virus	4.04	4.04.x
sophos / anti-virus	4.03	4.03.x
sophos / anti-virus	5.2	5.2.x
sophos / anti-virus	3.83	3.83.x
sophos / anti-virus	3.86	3.86.x
sophos / anti-virus	3.4.6	3.4.6.x
sophos / anti-virus	5.0.2	5.0.2.x
sophos / anti-virus	3.80	3.80.x
sophos / anti-virus	3.96.0	3.96.0.x
sophos / anti-virus	5.0.9	5.0.9.x
sophos / anti-virus	4.5.12	4.5.12.x
sophos / anti-virus	3.81	3.81.x
sophos / anti-virus	4.5.11	4.5.11.x
sophos / anti-virus	3.79	3.79.x
sophos / anti-virus	4.7.1	4.7.1.x
sophos / small_business_suite	4.04	4.04.x
sophos / anti-virus	6.5	6.5.x
sophos / anti-virus	4.7.2	4.7.2.x
sophos / anti-virus	5.0.4	5.0.4.x
sophos / anti-virus	3.90	3.90.x
sophos / anti-virus	5.2.1	5.2.1.x
sophos / anti-virus	3.78	3.78.x
sophos / anti-virus	4.05	4.05.x
sophos / scanning_engine	2.40.2	2.40.2.x
sophos / anti-virus	4.5.3	4.5.3.x
sophos / anti-virus	3.78d	3.78d.x
sophos / anti-virus	3.95	3.95.x
sophos / scanning_engine	2.30.4	2.30.4.x
sophos / anti-virus	3.82	3.82.x
sophos / small_business_suite	4.05	4.05.x
sophos / anti-virus	4.5.4	4.5.4.x
sophos / anti-virus	3.84	3.84.x
sophos / anti-virus	5.1	5.1.x
sophos / anti-virus	5.0.1	5.0.1.x
sophos / anti-virus	3.85	3.85.x
sophos / anti-virus	3.91	3.91.x

Vulnerability Database

300,926

CVE-2007-4577

Deep Security Visibility Without the Complexity