VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-6mwd-zex5-2fa6

Vulnerability ID	VCID-6mwd-zex5-2fa6
Aliases	CVE-2012-1457 PYSEC-2012-25
Summary	The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
Status	Published
Exploitability	2.0
Weighted Severity	0.8
Risk	1.6
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
epss	0.70881	https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss	0.70881	https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss	0.70881	https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss	0.70881	https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss	0.85138	https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss	0.85138	https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss	0.85138	https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss	0.85138	https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss	0.85138	https://api.first.org/data/v1/epss?cve=CVE-2012-1457
epss	0.85138	https://api.first.org/data/v1/epss?cve=CVE-2012-1457

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html
		http://osvdb.org/80389
		http://osvdb.org/80391
		http://osvdb.org/80392
		http://osvdb.org/80393
		http://osvdb.org/80395
		http://osvdb.org/80396
		http://osvdb.org/80403
		http://osvdb.org/80406
		http://osvdb.org/80407
		http://osvdb.org/80409
		https://api.first.org/data/v1/epss?cve=CVE-2012-1457
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457
		https://exchange.xforce.ibmcloud.com/vulnerabilities/74293
		http://www.ieee-security.org/TC/SP2012/program.html
		http://www.mandriva.com/security/advisories?name=MDVSA-2012:094
		http://www.securityfocus.com/archive/1/522005
		http://www.securityfocus.com/bid/52610
668273		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668273
USN-1482-1		https://usn.ubuntu.com/1482-1/

No exploits are available.

There are no known vectors.

Exploit Prediction Scoring System (EPSS)

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:04:41.707486+00:00	Pypa Importer	Import	https://github.com/pypa/advisory-database/blob/main/vulns/bitdefender/PYSEC-2012-25.yaml	37.0.0