CVE-2007-2650 — Uncontrolled Resource Consumption in Clamav

CWE-400 — Uncontrolled Resource Consumption6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

5.0%

top 10.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Debian Clamav Debian Linux +2 more

Timeline

PublishedMay 14

Latest updateMay 1

Description

The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages5 packages

▶NVDclamav/clamav< 0.90.3

▶debiandebian/clamav< clamav 0.90.2-1 (bookworm)

▶Debianclamav/clamav< 0.90.2-1+3

▶msrcmsrc/cbl_mariner_1.0_arm

▶msrcmsrc/cbl_mariner_1.0_x64

Also affects: Debian Linux 3.1, 4.0

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-8rq7-qcxc-ch26: The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a lar↗2022-05-01

▶

OSV

CVE-2007-2650: The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a lar↗2007-05-14

▶

📋Vendor Advisories

Microsoft

CVE-2007-2650: NIST NVD Details: https://nvd↗2020-10-13

▶

Debian

CVE-2007-2650: clamav - The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a de...↗2007

▶

💬Community

Bugzilla

CVE-2007-2650: clamav OLE2 parser DoS↗2007-05-17

▶