CVE-2005-3354

Name: CVE-2005-3354
Description: Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-906-1, DSA-908-1
Debian Bugs: 338434, 338436, 339529

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package  Release      Version        Status
sylpheed (PTS)  bullseye     3.7.0-8        fixed
                bookworm     3.8.0~beta1-1  fixed
                sid, trixie  3.8.0~beta1-2  fixed

The information below is based on the following data on fixed versions.

Package              Type    Release     Fixed Version       Urgency  Origin     Debian Bugs
sylpheed             source  woody       0.7.4-4woody1                DSA-906-1
sylpheed             source  sarge       1.0.4-1sarge1                DSA-906-1
sylpheed             source  (unstable)  2.0.4-1             medium              338434
sylpheed-claws       source  woody       0.7.4claws-3woody1           DSA-908-1
sylpheed-claws       source  sarge       1.0.4-1sarge1                DSA-908-1
sylpheed-claws       source  (unstable)  1.0.5-2             medium              338436
sylpheed-claws-gtk2  source  (unstable)  1.9.100-1           medium              339529
sylpheed-gtk1        source  (unstable)  1.0.6-1             medium
