Description
Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations.
Exploits (1)
References (8)
Core 8
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24889
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/448766/100/0/threaded
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_6_sr.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/448768/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/20539
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29557
Exploit mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0293.html
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2347
Scores
EPSS
0.0947
EPSS Percentile
92.9%
Details
CWE
CWE-20
Status
published
Products (1)
kde/k-mail
1.9.1
Published
Mar 07, 2007
Tracked Since
Feb 18, 2026