CVE-2007-4510

Summary

CVE	CVE-2007-4510
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2007-08-23 19:17:00 UTC
Updated	2017-07-29 01:32:00 UTC
Description	ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Clam Anti-virus	Clamav	All	All	All	All
Application	Kolab	Kolab Server	2.0	All	All	All
Application	Kolab	Kolab Server	2.0.1	All	All	All
Application	Kolab	Kolab Server	2.0.2	All	All	All
Application	Kolab	Kolab Server	2.0.3	All	All	All
Application	Kolab	Kolab Server	2.0.4	All	All	All
Application	Kolab	Kolab Server	2.1	All	All	All
Application	Kolab	Kolab Server	2.2beta1	All	All	All
Application	Kolab	Kolab Server	2.0	All	All	All
Application	Kolab	Kolab Server	2.0.1	All	All	All
Application	Kolab	Kolab Server	2.0.2	All	All	All
Application	Kolab	Kolab Server	2.0.3	All	All	All
Application	Kolab	Kolab Server	2.0.4	All	All	All
Application	Kolab	Kolab Server	2.1	All	All	All
Application	Kolab	Kolab Server	2.2beta1	All	All	All

References

Reference	Source	Link	Tags
Advisories - Mandriva Linux	MANDRIVA	www.mandriva.com
wwws.clamav.net/bugzilla/show_bug.cgi	CONFIRM	wwws.clamav.net
About Security Update 2008-002	CONFIRM	docs.info.apple.com
404 Not Found	CONFIRM	kolab.org
2007-0026	TRUSTIX	www.trustix.org
Webmail - OVH	VUPEN	www.vupen.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Mandriva update for clamav - Advisories - Secunia	SECUNIA	secunia.com
[SECURITY] Fedora 7 Update: clamav-0.91.2-2.fc7	FEDORA	www.redhat.com
Gentoo Linux Documentation -- ClamAV: Multiple vulnerabilities	GENTOO	security.gentoo.org
Fedora update for clamav - Advisories - Secunia	SECUNIA	secunia.com
Security Announcement	SUSE	www.novell.com
SUSE Updates for Multiple Packages - Advisories - Secunia	SECUNIA	secunia.com
Kolab Server ClamAV Multiple Denial of Service Vulnerabilities - Advisories - Secunia	SECUNIA	secunia.com	Patch, Vendor Advisory
Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
ClamAV Multiple Vulnerabilities - Advisories - Secunia	SECUNIA	secunia.com	Patch, Vendor Advisory
Debian -- Security Information -- DSA-1366-1 clamav	DEBIAN	www.debian.org
wwws.clamav.net/bugzilla/show_bug.cgi	CONFIRM	wwws.clamav.net
Page not found - SourceForge.net	CONFIRM	sourceforge.net
SecurityReason - Kolab Security Issue 17 20070821	SREASON	securityreason.com
Trustix Update for Multiple Packages - Advisories - Secunia	SECUNIA	secunia.com
Debian update for clamav - Advisories - Secunia	SECUNIA	secunia.com
ClamAV Multiple Remote Denial of Service Vulnerabilities	BID	www.securityfocus.com	Patch
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Gentoo update for clamav - Advisories - Secunia	SECUNIA	secunia.com
APPLE-SA-2008-03-18 Security Update 2008-002	APPLE	lists.apple.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.