FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sylpheed -- MIME-encoded file name buffer overflow vulnerability

Affected packages
sylpheed < 1.0.4
sylpheed-claws < 1.0.4
sylpheed-gtk2 < 1.0.4

Details

VuXML ID b1e8c810-01d0-11da-bc08-0001020eed82
Discovery 2005-03-29
Entry 2005-07-31

Sylpheed is vulnerable to a buffer overflow when displaying emails with attachments that have MIME-encoded file names. This could be used by a remote attacker to crash sylpheed potentially allowing execution of arbitrary code with the permissions of the user running sylpheed.

References

Bugtraq ID 12934
CVE Name CVE-2005-0926
URL http://sylpheed.good-day.net/changelog.html.en