Heap-based Buffer Overflow in Evolution by Novell
CVE-2008-1109

Currently unrated

Key Information:

Vendor

Gnome
Status
Evolution
Vendor
CVE Published:
4 June 2008

What is CVE-2008-1109?

A heap-based buffer overflow vulnerability exists in Evolution 2.22.1, which can be exploited by remote attackers to execute arbitrary code on the target system. This occurs when a specially crafted iCalendar attachment containing a long DESCRIPTION property is processed during a reply in the calendar view. Proper memory handling flaws can potentially allow attackers to take control of the affected application, making it crucial for users to apply the necessary updates and patches.

References

https://www.redhat.com/archives/fedora-package-announce/2...
vendor-advisoryx_refsource_FEDORA
http://www.vupen.com/english/advisories/2008/1732/references
vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/30298
third-party-advisoryx_refsource_SECUNIA

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.