Unrated severityNVD Advisory· Published May 14, 2007· Updated Apr 23, 2026

CVE-2007-2650

Description

The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.

Affected products

ClamAV/Clamav
cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
Range: <0.90.3
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/25244nvdPatchThird Party Advisory
secunia.com/advisories/25523nvdThird Party Advisory
secunia.com/advisories/25525nvdThird Party Advisory
secunia.com/advisories/25553nvdThird Party Advisory
secunia.com/advisories/25558nvdThird Party Advisory
secunia.com/advisories/25688nvdThird Party Advisory
secunia.com/advisories/25796nvdThird Party Advisory
security.gentoo.org/glsa/glsa-200706-05.xmlnvdThird Party Advisory
www.debian.org/security/2007/dsa-1320nvdThird Party Advisory
www.mandriva.com/security/advisoriesnvdThird Party Advisory
www.novell.com/linux/security/advisories/2007_33_clamav.htmlnvdThird Party Advisory
www.securityfocus.com/bid/24316nvdThird Party AdvisoryVDB Entry
article.gmane.org/gmane.comp.security.virus.clamav.devel/2853nvdBroken Link
kolab.org/security/kolab-vendor-notice-15.txtnvdBroken Link
lurker.clamav.net/message/20070418.111144.0df6c5d3.en.htmlnvdBroken Link
svn.clamav.net/svn/clamav-devel/trunk/ChangeLognvdBroken Link
www.trustix.org/errata/2007/0020/nvdBroken Link
www.vupen.com/english/advisories/2007/1776nvdPermissions Required

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000