CVE-2007-4510

Name of the Vulnerable Software and Affected Versions ClamAV versions prior to 0.91.2

Description The issue allows remote attackers to cause a denial of service, resulting in an application crash. This can be achieved through a crafted RTF file, which triggers a NULL dereference in the cli scanrtf function, or a crafted HTML document with a data: URI, triggering a NULL dereference in the cli html normalise function.

Recommendations For ClamAV versions prior to 0.91.2, update to version 0.91.2 or later to resolve the issue. As a temporary workaround, consider restricting the processing of RTF files and HTML documents with data: URIs to minimize the risk of exploitation.