CVE-2007-4510
published 2007-08-23

CVE-2007-4510: ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash)…

Priority: P414 | medium | 4.3 | CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 1.97% (77.9th percentile)
ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.

Affected

13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clam_anti-virus | clamav | <= 0.91.2 | |
| clamav | clamav | >= 0 < 0.91.2-1~volatile1 | 0.91.2-1~volatile1 |
| clamav | clamav | >= 0 < 0.91.2-1~volatile1 | 0.91.2-1~volatile1 |
| clamav | clamav | >= 0 < 0.91.2-1~volatile1 | 0.91.2-1~volatile1 |
| clamav | clamav | >= 0 < 0.91.2-1~volatile1 | 0.91.2-1~volatile1 |
| debian | clamav | < clamav 0.91.2-1~volatile1 (bookworm) | clamav 0.91.2-1~volatile1 (bookworm) |
| kolab | kolab_server | | |
| kolab | kolab_server | | |
| kolab | kolab_server | | |
| kolab | kolab_server | | |
| kolab | kolab_server | | |
| kolab | kolab_server | | |
| kolab | kolab_server | | |

CVSS provenance

nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P
osv | 4.3 | MEDIUM
vendor_debian | 4.3 | MEDIUM