CVE-2007-2650

ClamAV < 0.90.3 - Denial of Service via OLE2 Parser

Title source: llm

Description

The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.

References (18)

Core 18

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25796

Broken Link mailing-list x_refsource_mlist

http://lurker.clamav.net/message/20070418.111144.0df6c5d3.en.html

Third Party Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2007_33_clamav.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25525

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25553

Permissions Required vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/1776

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25523

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2007/dsa-1320

Broken Link vendor-advisory x_refsource_trustix

http://www.trustix.org/errata/2007/0020/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/24316

Third Party Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2007:115

Patch, Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25244

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25558

Broken Link x_refsource_confirm

http://kolab.org/security/kolab-vendor-notice-15.txt

Broken Link x_refsource_misc

http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25688

Broken Link x_refsource_confirm

http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200706-05.xml

Scores

EPSS 0.0325

EPSS Percentile 86.8%

Details

CWE

CWE-400

Status published

Products (3)

clamav/clamav < 0.90.3

debian/debian_linux 3.1

debian/debian_linux 4.0

Published May 14, 2007

Tracked Since Feb 18, 2026