CVE - CVE-2007-4510

CVE-ID
CVE-2007-4510	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2008-03-18 URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html BID:25398 URL:http://www.securityfocus.com/bid/25398 CONFIRM:http://docs.info.apple.com/article.html?artnum=307562 CONFIRM:http://kolab.org/security/kolab-vendor-notice-17.txt CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=533658 CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=582 CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=611 DEBIAN:DSA-1366 URL:http://www.debian.org/security/2007/dsa-1366 FEDORA:FEDORA-2007-2050 URL:https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html GENTOO:GLSA-200709-14 URL:http://security.gentoo.org/glsa/glsa-200709-14.xml MANDRIVA:MDKSA-2007:172 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:172~~ (Obsolete source) SECUNIA:26530 URL:http://secunia.com/advisories/26530 SECUNIA:26552 URL:http://secunia.com/advisories/26552 SECUNIA:26654 URL:http://secunia.com/advisories/26654 SECUNIA:26674 URL:http://secunia.com/advisories/26674 SECUNIA:26683 URL:http://secunia.com/advisories/26683 SECUNIA:26751 URL:http://secunia.com/advisories/26751 SECUNIA:26822 URL:http://secunia.com/advisories/26822 SECUNIA:26916 URL:http://secunia.com/advisories/26916 SECUNIA:29420 URL:http://secunia.com/advisories/29420 SREASON:3054 URL:http://securityreason.com/securityalert/3054 SUSE:SUSE-SR:2007:018 URL:http://www.novell.com/linux/security/advisories/2007_18_sr.html TRUSTIX:2007-0026 URL:~~http://www.trustix.org/errata/2007/0026/~~ (Obsolete source - check if archived by the Wayback Machine) VUPEN:ADV-2007-2952 URL:~~http://www.vupen.com/english/advisories/2007/2952~~ (Obsolete source) VUPEN:ADV-2008-0924 URL:~~http://www.vupen.com/english/advisories/2008/0924/references~~ (Obsolete source) XF:clamav-clihtmlnormalise-dos(36177) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/36177 XF:clamav-rtf-dos(36173) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/36173
Assigning CNA
MITRE Corporation
Date Record Created
20070823	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070823)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)