Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0528Evolution vulnerability

8 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
5.1%
top 10.15%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Gnome Evolution
Timeline
PublishedFeb 2
Latest updateMay 1

Description

The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debiangnome/evolution< 2.2.3-4+3
NVDgnome/evolution8 versions+7

🔴Vulnerability Details

3
GHSA
GHSA-4rxr-6q7p-q23g: The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent2022-05-01
OSV
CVE-2006-0528: The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent2006-02-02
CVEList
CVE-2006-0528: The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent2006-02-02

💥Exploits & PoCs

2
Exploit-DB
PA168 Chipset IP Phones - Weak Session Management2007-01-24
Exploit-DB
GNOME Evolution 2.2.3/2.3.x - Inline XML File Attachment Buffer Overflow2006-01-28

📋Vendor Advisories

2
Ubuntu
cairo/Evolution library vulnerability2006-03-23
Debian
CVE-2006-0528: evolution - The cairo library (libcairo), as used in GNOME Evolution and possibly other prod...2006
CVE-2006-0528 — Gnome Evolution vulnerability | cvebase