CVE-2007-1266
published 2007-03-06CVE-2007-1266: Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between…
medium5CVSS 3.1
AVNACLAuNCNIPAN
EXPLOIT
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | evolution | — | — |
| gnome | evolution | <= 2.8.1 | — |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.0MEDIUM