Executive Summary
Summary | |
---|---|
Title | cairo/Evolution library vulnerability |
Informations | |||
---|---|---|---|
Name | USN-265-1 | First vendor Publication | 2006-03-23 |
Vendor | Ubuntu | Last vendor Modification | 2006-03-23 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 5.10 (Breezy Badger) The following packages are affected: libcairo2 The problem can be corrected by upgrading the affected package to version 1.0.2-0ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: When rendering glyphs, the cairo graphics rendering library did not check the maximum length of character strings. A request to display an excessively long string with cairo caused a program crash due to an X library error. Mike Davis discovered that this could be turned into a Denial of Service attack in Evolution. An email with an attachment with very long lines caused Evolution to crash repeatedly until that email was manually removed from the mail folder. This only affects Ubuntu 5.10. Previous Ubuntu releases did not use libcairo for text rendering. |
Original Source
Url : http://www.ubuntu.com/usn/USN-265-1 |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
22923 | GNOME Evolution Mail Client Inline Text File Content-Disposition DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-03-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-265-1.nasl - Type : ACT_GATHER_INFO |
2006-03-21 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-057.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:03:21 |
|