Re: CVE-request: clamav floating point exception in OLE2 scanner DoS (2007)

[Kurt Seifried <kseifried () redhat com>]

On 03/28/2012 12:51 AM, Henri Salo wrote:
> Can I get 2007 CVE-identifier for "fix floating point exception when using ScanOLE2" vulnerability:
>
> clamav (0.91.2-1) unstable; urgency=low
>
>   * New upstream version
>     - fix call to tolower() which led to a crash in libclamav
>     - fix possible NULL dereference, e.g. when parsing email with RFC2397
>       URI
>     - fix floating point exception when using ScanOLE2
>     - fix possible NULL dereference in rtf.c
>
>  -- Stephen Gran <sgran () debian org>  Tue, 21 Aug 2007 11:17:01 +0100
>
> Different issue than CVE-2007-2650, which was fixed in 0.90.3
>
> http://security-tracker.debian.org/tracker/TEMP-0000000-6B8835
>
> Other issues have CVEs: CVE-2007-4510, CVE-2007-4560. I requested this CVE-identifier before, but it did not get 
> assigned.
>
> - Henri Salo

Please use CVE-2007-6745 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)