CVE-2007-3875

arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.

Published: 2007-07-26 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2007-3875 is rated Moderate Risk (48.4/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 3.32%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2007-3875

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-05-06 2.71% 3.32% +0.61%
2 2026-03-14 2.64% 2.71% +0.07%
3 2025-08-20 2.64%

Full EPSS history (18 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2007-3875

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.3 2.0 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:P)
Partial availability impact.
 8.6 2.9 [email protected]

Weakness enumeration for CVE-2007-3875

Affected software / configurations for CVE-2007-3875

Vendor Product Version Raw CPE
broadcom anti-spyware 2007 cpe:2.3:a:broadcom:anti-spyware:2007:*:*:*:*:*:*:*
broadcom anti-virus_for_the_enterprise <= 8 cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:*:*:*:*:*:*:*:*
broadcom anti-virus_for_the_enterprise 7.0 cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.0:*:*:*:*:*:*:*
broadcom anti-virus_for_the_enterprise 7.1 cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:7.1:*:*:*:*:*:*:*
broadcom anti-virus_for_the_enterprise 8 cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8:*:*:*:*:*:*:*
broadcom anti-virus_for_the_enterprise 8.1 cpe:2.3:a:broadcom:anti-virus_for_the_enterprise:8.1:*:*:*:*:*:*:*
broadcom anti_virus_sdk cpe:2.3:a:broadcom:anti_virus_sdk:*:*:*:*:*:*:*:*
broadcom antispyware_for_the_enterprise 8 cpe:2.3:a:broadcom:antispyware_for_the_enterprise:8:*:*:*:*:*:*:*
broadcom antispyware_for_the_enterprise 8.1 cpe:2.3:a:broadcom:antispyware_for_the_enterprise:8.1:*:*:*:*:*:*:*
broadcom antivirus_sdk cpe:2.3:a:broadcom:antivirus_sdk:*:*:*:*:*:*:*:*
broadcom brightstor_arcserve_backup 9.01 cpe:2.3:a:broadcom:brightstor_arcserve_backup:9.01:*:*:*:*:*:*:*
broadcom brightstor_arcserve_backup 11.1 cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.1:*:*:*:*:*:*:*
broadcom brightstor_arcserve_backup 11.5 cpe:2.3:a:broadcom:brightstor_arcserve_backup:11.5:*:*:*:*:*:*:*
broadcom brightstor_arcserve_client cpe:2.3:a:broadcom:brightstor_arcserve_client:*:*:*:*:*:*:*:*
broadcom brightstor_enterprise_backup 10.5 cpe:2.3:a:broadcom:brightstor_enterprise_backup:10.5:*:*:*:*:*:*:*
broadcom brigthstor_arcserve_client_for_windows cpe:2.3:a:broadcom:brigthstor_arcserve_client_for_windows:*:*:*:*:*:*:*:*
broadcom common_services 11 cpe:2.3:a:broadcom:common_services:11:*:*:*:*:*:*:*
broadcom common_services 11.1 cpe:2.3:a:broadcom:common_services:11.1:*:*:*:*:*:*:*
broadcom etrust_antivirus 8 cpe:2.3:a:broadcom:etrust_antivirus:8:*:*:*:*:*:*:*
broadcom etrust_antivirus_gateway 7.1 cpe:2.3:a:broadcom:etrust_antivirus_gateway:7.1:*:*:*:*:*:*:*
broadcom etrust_ez_antivirus 6.1 cpe:2.3:a:broadcom:etrust_ez_antivirus:6.1:*:*:*:*:*:*:*
broadcom etrust_ez_antivirus 7 cpe:2.3:a:broadcom:etrust_ez_antivirus:7:*:*:*:*:*:*:*
broadcom etrust_ez_armor 1 cpe:2.3:a:broadcom:etrust_ez_armor:1:*:*:*:*:*:*:*
broadcom etrust_ez_armor 2 cpe:2.3:a:broadcom:etrust_ez_armor:2:*:*:*:*:*:*:*
broadcom etrust_ez_armor 3 cpe:2.3:a:broadcom:etrust_ez_armor:3:*:*:*:*:*:*:*
broadcom etrust_internet_security_suite 1 cpe:2.3:a:broadcom:etrust_internet_security_suite:1:*:*:*:*:*:*:*
broadcom etrust_internet_security_suite 2 cpe:2.3:a:broadcom:etrust_internet_security_suite:2:*:*:*:*:*:*:*
broadcom etrust_intrusion_detection 2.0 cpe:2.3:a:broadcom:etrust_intrusion_detection:2.0:*:*:*:*:*:*:*
broadcom etrust_intrusion_detection 3.0 cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*
broadcom internet_security_suite 3.0 cpe:2.3:a:broadcom:internet_security_suite:3.0:*:*:*:*:*:*:*
broadcom secure_content_manager 1.1 cpe:2.3:a:broadcom:secure_content_manager:1.1:*:*:*:*:*:*:*
broadcom secure_content_manager 8.0 cpe:2.3:a:broadcom:secure_content_manager:8.0:*:*:*:*:*:*:*
broadcom threat_manager 8 cpe:2.3:a:broadcom:threat_manager:8:*:*:*:*:*:*:*
broadcom unicenter_network_and_systems_management 3.0 cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*
broadcom unicenter_network_and_systems_management 3.1 cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*
broadcom unicenter_network_and_systems_management 11 cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11:*:*:*:*:*:*:*
broadcom unicenter_network_and_systems_management 11.1 cpe:2.3:a:broadcom:unicenter_network_and_systems_management:11.1:*:*:*:*:*:*:*
ca brightstor_arcserve_backup 11 cpe:2.3:a:ca:brightstor_arcserve_backup:11:*:windows:*:*:*:*:*
ca etrust_intrusion_detection 3.0 cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*
ca protection_suites r2 cpe:2.3:a:ca:protection_suites:r2:*:*:*:*:*:*:*
ca protection_suites r3 cpe:2.3:a:ca:protection_suites:r3:*:*:*:*:*:*:*

References for CVE-2007-3875

cvelogic Threat Intelligence