
Sylpheed < 2.0.4 Address Book LDIF Import Overflow

Medium

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote client is running Sylpheed, an email client for Unix and Unix-like operating systems. This version is vulnerable to a buffer overflow via specially crafted email messages. To exploit this flaw, an attacker would need to convince a user to open a malicious email message and import an attached LDIF file into their address book. Successful exploitation would lead to a denial of service or remote code execution.

Solution

Upgrade to version 2.0.4 or higher.