CVE Vulnerabilities

CVE-2007-4510

Published: Aug 23, 2007 | Modified: Jul 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.

Affected Software

Name Vendor Start Version End Version
Clamav Clam_anti-virus * 0.91.2 (including)
Kolab_server Kolab 2.0 (including) 2.0 (including)
Kolab_server Kolab 2.0.1 (including) 2.0.1 (including)
Kolab_server Kolab 2.0.2 (including) 2.0.2 (including)
Kolab_server Kolab 2.0.3 (including) 2.0.3 (including)
Kolab_server Kolab 2.0.4 (including) 2.0.4 (including)
Kolab_server Kolab 2.1 (including) 2.1 (including)
Kolab_server Kolab 2.2beta1 (including) 2.2beta1 (including)

References