National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2007-4510 Detail

Current Description

ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.

Source:  MITRE
View Analysis Description

Severity



CVSS 3.x Severity and Metrics:

NIST CVSS score
NIST: NVD
Base Score: N/A
NVD score not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://docs.info.apple.com/article.html?artnum=307562
http://kolab.org/security/kolab-vendor-notice-17.txt
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://security.gentoo.org/glsa/glsa-200709-14.xml
http://securityreason.com/securityalert/3054
http://sourceforge.net/project/shownotes.php?release_id=533658
http://www.debian.org/security/2007/dsa-1366
http://www.mandriva.com/security/advisories?name=MDKSA-2007:172
http://www.novell.com/linux/security/advisories/2007_18_sr.html
http://www.securityfocus.com/bid/25398 Patch
http://www.trustix.org/errata/2007/0026/
http://www.vupen.com/english/advisories/2007/2952
http://www.vupen.com/english/advisories/2008/0924/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/36173
https://exchange.xforce.ibmcloud.com/vulnerabilities/36177
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=582
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=611

Weakness Enumeration

CWE-ID CWE Name Source
NVD-CWE-Other Other NIST  

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )
 cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*
     Show Matching CPE(s)
Up to (including)
0.91.2
 cpe:2.3:a:kolab:kolab_server:2.0:*:*:*:*:*:*:*
     Show Matching CPE(s)
 cpe:2.3:a:kolab:kolab_server:2.0.1:*:*:*:*:*:*:*
     Show Matching CPE(s)
 cpe:2.3:a:kolab:kolab_server:2.0.2:*:*:*:*:*:*:*
     Show Matching CPE(s)
 cpe:2.3:a:kolab:kolab_server:2.0.3:*:*:*:*:*:*:*
     Show Matching CPE(s)
 cpe:2.3:a:kolab:kolab_server:2.0.4:*:*:*:*:*:*:*
     Show Matching CPE(s)
 cpe:2.3:a:kolab:kolab_server:2.1:*:*:*:*:*:*:*
     Show Matching CPE(s)
 cpe:2.3:a:kolab:kolab_server:2.2beta1:*:*:*:*:*:*:*
     Show Matching CPE(s)


Change History

2 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2007-4510
NVD Published Date:
08/23/2007
NVD Last Modified:
07/28/2017