CVE-2007-2650 — MEDIUM (4.3)

Q: How severe is CVE-2007-2650?

CVE-2007-2650 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-2650?

Check the references section above for vendor advisories and patch information. Affected products include: Clamav Clamav, Debian Debian Linux.

Vulnerability Description

The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Clamav	Clamav	< 0.90.3
Debian	Debian Linux	3.1

Related Weaknesses (CWE)

CWE-400

References

http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853Broken Link
http://kolab.org/security/kolab-vendor-notice-15.txtBroken Link
http://lurker.clamav.net/message/20070418.111144.0df6c5d3.en.htmlBroken Link
http://secunia.com/advisories/25244PatchThird Party Advisory
http://secunia.com/advisories/25523Third Party Advisory
http://secunia.com/advisories/25525Third Party Advisory
http://secunia.com/advisories/25553Third Party Advisory
http://secunia.com/advisories/25558Third Party Advisory
http://secunia.com/advisories/25688Third Party Advisory
http://secunia.com/advisories/25796Third Party Advisory
http://security.gentoo.org/glsa/glsa-200706-05.xmlThird Party Advisory
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLogBroken Link
http://www.debian.org/security/2007/dsa-1320Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:115Third Party Advisory
http://www.novell.com/linux/security/advisories/2007_33_clamav.htmlThird Party Advisory

FAQ

What is CVE-2007-2650?

CVE-2007-2650 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file blo...

How severe is CVE-2007-2650?

CVE-2007-2650 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-2650?

Check the references section above for vendor advisories and patch information. Affected products include: Clamav Clamav, Debian Debian Linux.