FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-2650

This CVE name corresponds to:

Entered     Topic
2007-06-19  clamav -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project.

Details

Type   Candidate
Name   CVE-2007-2650
Phase  Assigned (20070514)

Description

The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.

References

Source    Reference
MLIST     [clamav-devel] 20070418 Bug in OLE2 file parser
MISC      http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853
CONFIRM   http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
CONFIRM   http://kolab.org/security/kolab-vendor-notice-15.txt
DEBIAN    DSA-1320
GENTOO    GLSA-200706-05
MANDRIVA  MDKSA-2007:115
SUSE      SUSE-SA:2007:033
TRUSTIX   2007-0020
BID       24316
VUPEN     ADV-2007-1776
SECUNIA   25244
SECUNIA   25553
SECUNIA   25523
SECUNIA   25525
SECUNIA   25558
SECUNIA   25688
SECUNIA   25796