CVE-2008-1109
published 2008-06-04CVE-2008-1109: Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar…
critical9.3CVSS 3.1
AVNACMAuNCCICAC
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | evolution | < evolution 2.22.2-1.1 (bookworm) | evolution 2.22.2-1.1 (bookworm) |
| gnome | evolution | — | — |
| gnome | evolution | >= 0 < 2.22.2-1.1 | 2.22.2-1.1 |
| gnome | evolution | >= 0 < 2.22.2-1.1 | 2.22.2-1.1 |
| gnome | evolution | >= 0 < 2.22.2-1.1 | 2.22.2-1.1 |
| gnome | evolution | >= 0 < 2.22.2-1.1 | 2.22.2-1.1 |
CVSS provenance
nvd9.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL