Vulnerability Name:

CVE-2005-0926 (CCN-19901)

Assigned:2005-03-30
Published:2005-03-30
Updated:2008-09-10
Summary:Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-0926

Source: CCN
Type: Sylpheed Web site
Sylpheed- a GTK+ based, lightweight, and fast e-mail client -

Source: CONFIRM
Type: UNKNOWN
http://sylpheed.good-day.net/changelog.html.en

Source: CCN
Type: GLSA-200504-02
Sylpheed, Sylpheed-claws: Buffer overflow on message display

Source: CCN
Type: OSVDB ID: 15125
Sylpheed MIME-encoded Attachment Filename Overflow

Source: CCN
Type: BID-12934
Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulnerability

Source: CCN
Type: TLSA-2005-44
Two vulnerabilities discovered in Sylpheed

Source: XF
Type: UNKNOWN
sylpheed-mime-attachment-bo(19901)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sylpheed:sylpheed:0.8.11:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.4:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.5:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.6:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.7:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.8:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.9:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.10:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.11:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:0.9.12:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:sylpheed:sylpheed:1.0.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    sylpheed sylpheed 0.8.11
    sylpheed sylpheed 0.9.4
    sylpheed sylpheed 0.9.5
    sylpheed sylpheed 0.9.6
    sylpheed sylpheed 0.9.7
    sylpheed sylpheed 0.9.8
    sylpheed sylpheed 0.9.9
    sylpheed sylpheed 0.9.10
    sylpheed sylpheed 0.9.11
    sylpheed sylpheed 0.9.12
    sylpheed sylpheed 1.0.0
    sylpheed sylpheed 1.0.1
    sylpheed sylpheed 1.0.2
    sylpheed sylpheed 1.0.3