CVE-2007-4476

Name: CVE-2007-4476
Creator: NVD / NIST
Published: 2007-09-05T01:17:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 14.90%

Last modified Jun 16, 2026

CVE-2007-4476 is a vulnerability of currently unknown severity. Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack.". EPSS estimates a 14.90% chance of exploitation in the next 30 days.

Description

Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."

Metrics

EPSS Probability

14.90%

96.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Gnu	Tar	< 1.19
Debian	Debian Linux	3.1
Debian	Debian Linux	4.0
Canonical	Ubuntu Linux	6.06
Canonical	Ubuntu Linux	7.04
Canonical	Ubuntu Linux	7.10

References

http://bugs.gentoo.org/show_bug.cgi?id=196978Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705Third Party Advisory
http://secunia.com/advisories/26674Patch, Third Party Advisory
http://secunia.com/advisories/26987Third Party Advisory
http://secunia.com/advisories/27331Third Party Advisory
http://secunia.com/advisories/27453Third Party Advisory
http://secunia.com/advisories/27514Third Party Advisory
http://secunia.com/advisories/27681Third Party Advisory
http://secunia.com/advisories/27857Third Party Advisory
http://secunia.com/advisories/28255Third Party Advisory
http://secunia.com/advisories/29968Third Party Advisory
http://secunia.com/advisories/32051Third Party Advisory
http://secunia.com/advisories/33567Third Party Advisory
http://secunia.com/advisories/39008Third Party Advisory
http://security.gentoo.org/glsa/glsa-200711-18.xmlThird Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1Broken Link
http://www.debian.org/security/2007/dsa-1438Third Party Advisory
http://www.debian.org/security/2008/dsa-1566Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:197Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:233Broken Link
http://www.novell.com/linux/security/advisories/2007_18_sr.htmlBroken Link
http://www.novell.com/linux/security/advisories/2007_19_sr.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2010-0141.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0144.htmlThird Party Advisory
http://www.securityfocus.com/bid/26445Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-650-1Third Party Advisory
http://www.ubuntu.com/usn/usn-709-1Third Party Advisory
http://www.vupen.com/english/advisories/2010/0628Permissions Required
http://www.vupen.com/english/advisories/2010/0629Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=280961Issue Tracking, Third Party Advisory
https://issues.rpath.com/browse/RPL-1861Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7114Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8599Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9336Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00073.htmlThird Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.htmlThird Party Advisory
http://bugs.gentoo.org/show_bug.cgi?id=196978Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705Third Party Advisory
http://secunia.com/advisories/26674Patch, Third Party Advisory
http://secunia.com/advisories/26987Third Party Advisory
http://secunia.com/advisories/27331Third Party Advisory
http://secunia.com/advisories/27453Third Party Advisory
http://secunia.com/advisories/27514Third Party Advisory
http://secunia.com/advisories/27681Third Party Advisory
http://secunia.com/advisories/27857Third Party Advisory
http://secunia.com/advisories/28255Third Party Advisory
http://secunia.com/advisories/29968Third Party Advisory
http://secunia.com/advisories/32051Third Party Advisory
http://secunia.com/advisories/33567Third Party Advisory
http://secunia.com/advisories/39008Third Party Advisory
http://security.gentoo.org/glsa/glsa-200711-18.xmlThird Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1Broken Link
http://www.debian.org/security/2007/dsa-1438Third Party Advisory
http://www.debian.org/security/2008/dsa-1566Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:197Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:233Broken Link
http://www.novell.com/linux/security/advisories/2007_18_sr.htmlBroken Link
http://www.novell.com/linux/security/advisories/2007_19_sr.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2010-0141.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0144.htmlThird Party Advisory
http://www.securityfocus.com/bid/26445Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-650-1Third Party Advisory
http://www.ubuntu.com/usn/usn-709-1Third Party Advisory
http://www.vupen.com/english/advisories/2010/0628Permissions Required
http://www.vupen.com/english/advisories/2010/0629Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=280961Issue Tracking, Third Party Advisory
https://issues.rpath.com/browse/RPL-1861Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7114Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8599Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9336Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00073.htmlThird Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.htmlThird Party Advisory

Timeline

Published: Sep 5, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-4476?

Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."

How severe is CVE-2007-4476?

Severity scoring for CVE-2007-4476 is pending analysis. The EPSS model estimates a 14.90% probability of exploitation in the next 30 days.

How do I fix CVE-2007-4476?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-4476?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST