CVE-2005-3354

| Field | Value |
|---|---|
| Name | CVE-2005-3354 |
| Description | Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines. |
| Source | CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more) |
| References | DSA-906-1, DSA-908-1 |
| NVD severity | medium (attack range: remote, user-initiated) |
| Debian Bugs | 338434, 338436, 339529 |
| Debian/oldstable | not vulnerable. |
| Debian/stable | not vulnerable. |
| Debian/testing | not vulnerable. |
| Debian/unstable | not vulnerable. |

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| sylpheed (PTS) | squeeze | 3.0.2-1 | fixed |
| | wheezy | 3.2.0-1 | fixed |
| | jessie, sid | 3.5.0~beta1~r3426-1 | fixed |

The information above is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| sylpheed | source | (unstable) | 2.0.4-1 | medium | | 338434 |
| sylpheed | source | sarge | 1.0.4-1sarge1 | medium | DSA-906-1 | |
| sylpheed | source | woody | 0.7.4-4woody1 | medium | DSA-906-1 | |
| sylpheed-claws | source | (unstable) | 1.0.5-2 | medium | | 338436 |
| sylpheed-claws | source | sarge | 1.0.4-1sarge1 | medium | DSA-908-1 | |
| sylpheed-claws | source | woody | 0.7.4claws-3woody1 | medium | DSA-908-1 | |
| sylpheed-claws-gtk2 | source | (unstable) | 1.9.100-1 | medium | | 339529 |
| sylpheed-gtk1 | source | (unstable) | 1.0.6-1 | medium | | |
