Launchpad.net

CVE 2007-4510

ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.

Related bugs and status

CVE-2007-4510 (Candidate) is related to these bugs:

Bug #141073: Remote DoS and Remote execution

Summary				In	Importance	Status
	141073	Remote DoS and Remote execution		clamav (Ubuntu)	Undecided	Fix Released

Bug #190187: Dapper clamav has multiple security issues that require upgrade to new version to fix

Summary				In	Importance	Status
	190187	Dapper clamav has multiple security issues that require upgrade to new version to fix		clamav (Ubuntu)	Undecided	Fix Released
	190187	Dapper clamav has multiple security issues that require upgrade to new version to fix		clamav (Ubuntu Dapper)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://kolab.org/secur...
CONFIRM: http://sourceforge.net...
CONFIRM: https://wwws.clamav.ne...
CONFIRM: https://wwws.clamav.ne...
BID: 25398
SECUNIA: 26530
SECUNIA: 26552
DEBIAN: DSA-1366
SUSE: SUSE-SR:2007:018
SECUNIA: 26674
SECUNIA: 26654
SECUNIA: 26683
FEDORA: FEDORA-2007-2050
SECUNIA: 26751
TRUSTIX: 2007-0026
SECUNIA: 26822
GENTOO: GLSA-200709-14
SECUNIA: 26916
MANDRIVA: MDKSA-2007:172
SREASON: 3054
CONFIRM: http://docs.info.apple...
APPLE: APPLE-SA-2008-03-18
SECUNIA: 29420
VUPEN: ADV-2007-2952
VUPEN: ADV-2008-0924
XF: clamav-clihtmlnormalis...
XF: clamav-rtf-dos(36173)