CVE-2008-0072Use of Externally-Controlled Format String in Evolution

CWE-134Use of Externally-Controlled Format String8 documents8 sources
Severity
6.8MEDIUMNVD
EPSS
16.1%
top 5.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gnome Evolution
Timeline
PublishedMar 6
Latest updateMay 1

Description

Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

Debiangnome/evolution< 2.12.3-1.1+3
NVDgnome/evolution2.12.3

Patches

Patch: www.debian.orgPatch: www.debian.org

🔴Vulnerability Details

3
GHSA
GHSA-j468-6fhg-5w3c: Format string vulnerability in the emf_multipart_encrypted function in mail/em-format2022-05-01
CVEList
CVE-2008-0072: Format string vulnerability in the emf_multipart_encrypted function in mail/em-format2008-03-06
OSV
CVE-2008-0072: Format string vulnerability in the emf_multipart_encrypted function in mail/em-format2008-03-06

📋Vendor Advisories

3
Red Hat
Evolution format string flaw2008-03-05
Ubuntu
Evolution vulnerability2008-03-05
Debian
CVE-2008-0072: evolution - Format string vulnerability in the emf_multipart_encrypted function in mail/em-f...2008

💬Community

1
Bugzilla
CVE-2008-0072 Evolution format string flaw2008-03-03
CVE-2008-0072 — Gnome Evolution vulnerability | cvebase