CVE-2007-2650

Home/CVE/The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) v

CVE

The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) v

The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.

MEDIUM · CVSS 4.3 EPSS 0.0499

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules1 YARA rules0

⬡

Weakness Classification

CWE-400Uncontrolled Resource Consumption

▤

Affected Products & Versions

clamav< 0.90.3

debian linuxall versions

◈

Sigma Hunt Rules

Exact rules name this CVE ID. Product rules name an affected product in their title. Related rules cover techniques used by actors who exploited this CVE. Showing the most relevant matches; the complete related set is on the full drill-down.

producthighRelevant ClamAV Message

▣

Scoring & Timeline

4.3

MEDIUM · CVSS v2 (legacy) · cve@mitre.org

View on NVD

This CVE predates CVSS v3; the legacy v2 score is shown so triage still has a severity to work with.

v2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Published to NVD14 May 2007 · 09:19 PM

⚑

Vendor Advisories

msrcCVE-2007-2650

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://article.gmane.org/gmane.comp.security.virus.clamav.devel/2853Broken Link

http://kolab.org/security/kolab-vendor-notice-15.txtBroken Link

http://lurker.clamav.net/message/20070418.111144.0df6c5d3.en.htmlBroken Link

http://secunia.com/advisories/25244PatchThird Party Advisory

http://secunia.com/advisories/25523Third Party Advisory

http://secunia.com/advisories/25525Third Party Advisory

Show all 18 references

http://secunia.com/advisories/25553Third Party Advisory

http://secunia.com/advisories/25558Third Party Advisory

http://secunia.com/advisories/25688Third Party Advisory

http://secunia.com/advisories/25796Third Party Advisory

http://security.gentoo.org/glsa/glsa-200706-05.xmlThird Party Advisory

http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLogBroken Link

http://www.debian.org/security/2007/dsa-1320Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2007:115Third Party Advisory

http://www.novell.com/linux/security/advisories/2007_33_clamav.htmlThird Party Advisory

http://www.securityfocus.com/bid/24316Third Party AdvisoryVDB Entry

http://www.trustix.org/errata/2007/0020/Broken Link

http://www.vupen.com/english/advisories/2007/1776Permissions Required

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin