CVE-2005-0667
Sylpheed < 1.0.3 and < 1.9.5 - Remote Code Execution via Non-ASCII Email Header Handling
Title source: llmDescription
Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.
References (6)
Core 6
Core References
Patch, Vendor Advisory x_refsource_confirm
http://sylpheed.good-day.net/changelog-devel.html.en
Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013376
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-303.html
Patch, Vendor Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200503-26.xml
Patch, Vendor Advisory x_refsource_confirm
http://sylpheed.good-day.net/changelog.html.en
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14491
Scores
EPSS
0.0334
EPSS Percentile
87.5%
Details
Status
published
Products (20)
altlinux/alt_linux
2.3 (2 CPE variants)
gentoo/linux
redhat/enterprise_linux
2.1 (6 CPE variants)
redhat/fedora_core
core_3.0
redhat/linux_advanced_workstation
2.1 (2 CPE variants)
sylpheed/sylpheed
0.8.11
sylpheed/sylpheed
0.9.4
sylpheed/sylpheed
0.9.5
sylpheed/sylpheed
0.9.6
sylpheed/sylpheed
0.9.7
... and 10 more
Published
Mar 07, 2005
Tracked Since
Feb 18, 2026