CVE-2012-1457

medium

Published 2012-03-21 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

4.3

Description

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

OS impact

OS	Version	Status	Fixed in
debian	bookworm	fixed	`0.97.5+dfsg-1`
debian	bullseye	fixed	`0.97.5+dfsg-1`
debian	forky	fixed	`0.97.5+dfsg-1`
debian	sid	fixed	`0.97.5+dfsg-1`
debian	trixie	fixed	`0.97.5+dfsg-1`

Application impact

Vendor	Product	Versions
aladdin	esafe	`7.0.17.0`
alwil	avast_antivirus	`4.8.1351.0`
alwil	avast_antivirus	`5.0.677.0`
anti-virus	vba32	`3.12.14.2`
antiy	avl_sdk	`2.0.3.7`
authentium	command_antivirus	`5.2.11.5`
avg	avg_anti-virus	`10.0.0.1190`
avira	antivir	`7.11.1.163`
bitdefender	bitdefender	`7.2`
cat	quick_heal	`11.00`
clamav	clamav	`0.96.4`
emsisoft	anti-malware	`5.1.0.1`
eset	nod32_antivirus	`5795`
f-prot	f-prot_antivirus	`4.6.2.117`
gdata-software	g_data_antivirus	`21`
ikarus	ikarus_virus_utilities_t3_command_line_scanner	`1.1.97.0`
jiangmin	jiangmin_antivirus	`13.0.900`
k7computing	antivirus	`9.77.3565`
kaspersky	kaspersky_anti-virus	`7.0.0.125`
mcafee	gateway	`2010.1c`
mcafee	scan_engine	`5.400.0.1158`
microsoft	security_essentials	`2.0`
norman	norman_antivirus_\&_antispyware	`6.06.12`
pc_tools	pc_tools_antivirus	`7.0.3.5`
rising-global	rising_antivirus	`22.83.00.03`
symantec	endpoint_protection	`11.0`
trendmicro	housecall	`9.120.0.1004`
trendmicro	trend_micro_antivirus	`9.120.0.1004`
virusbuster	virusbuster	`13.6.151.0`

References

CWEs

CWE-264

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.