Vulnerability Name: CVE-2007-4510 (CCN-36173)
Assigned: 2007-08-21
Published: 2007-08-21
Updated: 2017-07-29
Summary: ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. Note: some of these details are obtained from third party information.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity:
4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: MITRE Type: CNA CVE-2007-4510
Source: CCN Type: Apple Web site About Security Update 2008-002
Source: CONFIRM Type: UNKNOWN http://docs.info.apple.com/article.html?artnum=307562
Source: CCN Type: Kolab Security Issue 17 20070821 Kolab Server, ClamAV
Source: CONFIRM Type: UNKNOWN http://kolab.org/security/kolab-vendor-notice-17.txt
Source: APPLE Type: UNKNOWN APPLE-SA-2008-03-18
Source: CCN Type: SA26530 ClamAV Multiple Vulnerabilities
Source: SECUNIA Type: Patch, Vendor Advisory 26530
Source: CCN Type: SA26552 Kolab Server ClamAV Multiple Denial of Service Vulnerabilities
Source: SECUNIA Type: Patch, Vendor Advisory 26552
Source: SECUNIA Type: UNKNOWN 26654
Source: SECUNIA Type: UNKNOWN 26674
Source: SECUNIA Type: UNKNOWN 26683
Source: SECUNIA Type: UNKNOWN 26751
Source: SECUNIA Type: UNKNOWN 26822
Source: SECUNIA Type: UNKNOWN 26916
Source: CCN Type: SA29420 Mac OS X Security Update Fixes Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 29420
Source: GENTOO Type: UNKNOWN GLSA-200709-14
Source: SREASON Type: UNKNOWN 3054
Source: CONFIRM Type: UNKNOWN http://sourceforge.net/project/shownotes.php?release_id=533658
Source: CCN Type: SourceForge.net : Files Clam AntiVirus - File Release Notes and Changelog - Release Name: 0.91.2
Source: DEBIAN Type: UNKNOWN DSA-1366
Source: DEBIAN Type: DSA-1366 clamav -- several vulnerabilities
Source: CCN Type: GLSA-200709-14 ClamAV: Multiple vulnerabilities
Source: MANDRIVA Type: UNKNOWN MDKSA-2007:172
Source: SUSE Type: UNKNOWN SUSE-SR:2007:018
Source: BID Type: Patch 25398
Source: CCN Type: BID-25398 ClamAV Multiple Remote Denial of Service Vulnerabilities
Source: CCN Type: BID-5398 Multiple Vendor calloc() Implementation Integer Overflow Vulnerability
Source: TRUSTIX Type: UNKNOWN 2007-0026
Source: VUPEN Type: UNKNOWN ADV-2007-2952
Source: VUPEN Type: UNKNOWN ADV-2008-0924
Source: XF Type: UNKNOWN clamav-rtf-dos(36173)
Source: XF Type: UNKNOWN clamav-clihtmlnormalise-dos(36177)
Source: FEDORA Type: UNKNOWN FEDORA-2007-2050
Source: SUSE Type: SUSE-SR:2007:018 SUSE Security Summary Report
Source: CONFIRM Type: UNKNOWN https://wwws.clamav.net/bugzilla/show_bug.cgi?id=582
Source: CONFIRM Type: UNKNOWN https://wwws.clamav.net/bugzilla/show_bug.cgi?id=611
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable

Vulnerability Name: CVE-2007-4510 (CCN-36177)
Assigned: 2007-08-21
Published: 2007-08-21
Updated: 2007-08-21
Summary: Clam AntiVirus (ClamAV) and Kolab Server are vulnerable to a denial of service, caused by a NULL pointer dereference in the libclamav/htmlnorm.c file's cli_html_normalise function. By persuading a victim to scan a specially-crafted HTML file containing a malicious data URL, an attacker could exploit this vulnerability to cause a denial of service.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity:
4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Vulnerability Consequences: Denial of Service
References:
Source: MITRE Type: CNA CVE-2007-4510
Source: CCN Type: Apple Web site About Security Update 2008-002
Source: CCN Type: Kolab Security Issue 17 20070821 Kolab Server, ClamAV
Source: CCN Type: SA26530 ClamAV Multiple Vulnerabilities
Source: CCN Type: SA26552 Kolab Server ClamAV Multiple Denial of Service Vulnerabilities
Source: CCN Type: SA29420 Mac OS X Security Update Fixes Multiple Vulnerabilities
Source: CCN Type: SourceForge.net : Files Clam AntiVirus - File Release Notes and Changelog - Release Name: 0.91.2
Source: DEBIAN Type: DSA-1366 clamav -- several vulnerabilities
Source: CCN Type: GLSA-200709-14 ClamAV: Multiple vulnerabilities
Source: CCN Type: BID-23598 Allfaclassifieds Level2.PHP Remote File Include Vulnerability
Source: CCN Type: BID-25398 ClamAV Multiple Remote Denial of Service Vulnerabilities
Source: XF Type: UNKNOWN clamav-clihtmlnormalise-dos(36177)
Source: SUSE Type: SUSE-SR:2007:018 SUSE Security Summary Report
Vulnerable Configuration: Configuration CCN 1: Denotes that component is vulnerable