Stack-Based Buffer Overflow in Balsa Email Client by GNOME
CVE-2007-5007

Currently unrated

Key Information:

Vendor: Gnome
Status: Balsa
Vendor: CVE Published:; 12 December 2007

What is CVE-2007-5007?

A stack-based buffer overflow exists in the 'ir_fetch_seq' function of Balsa, an email client by GNOME, prior to version 2.3.20. This vulnerability may allow remote IMAP servers to trigger an overflow by sending a long response to a FETCH command, potentially enabling the execution of arbitrary code on the user’s machine. Users are advised to update to the latest version of Balsa to mitigate this risk.

References

http://bugs.gentoo.org/show_bug.cgi?id=193179

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=297581

x_refsource_CONFIRM

http://www.novell.com/linux/security/advisories/2007_19_s...

vendor-advisoryx_refsource_SUSE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2007
Vulnerability Reserved
Sep 20, 2007

Gnome

What is CVE-2007-5007?

References

Timeline