oss-sec mailing list archives

CVE-request: clamav floating point exception in OLE2 scanner DoS (2007)

From: Henri Salo <henri () nerv fi>
Date: Wed, 28 Mar 2012 09:51:57 +0300

Can I get 2007 CVE-identifier for "fix floating point exception when using ScanOLE2" vulnerability:

clamav (0.91.2-1) unstable; urgency=low

  * New upstream version
    - fix call to tolower() which led to a crash in libclamav
    - fix possible NULL dereference, e.g. when parsing email with RFC2397
      URI
    - fix floating point exception when using ScanOLE2
    - fix possible NULL dereference in rtf.c

 -- Stephen Gran <sgran () debian org>  Tue, 21 Aug 2007 11:17:01 +0100

Different issue than CVE-2007-2650, which was fixed in 0.90.3

http://security-tracker.debian.org/tracker/TEMP-0000000-6B8835

Other issues have CVEs: CVE-2007-4510, CVE-2007-4560. I requested this CVE-identifier before, but it did not get 
assigned.

- Henri Salo

Current thread:

CVE-request: clamav floating point exception in OLE2 scanner DoS (2007) Henri Salo (Mar 27)
- Re: CVE-request: clamav floating point exception in OLE2 scanner DoS (2007) Kurt Seifried (Mar 28)