sylpheed
Page content
- Author: voroskoi
- Vulnerable: 2.3.1-1
- Unaffected: 2.3.1-2terminus1
Secunia Research has discovered a vulnerability in Sylpheed, which can be exploited by malicious people to compromise a vulnerable system. A format string error in the “inc_put_error()” function in src/inc.c when displaying a POP3 server’s error response can be exploited via specially crafted POP3 server replies containing format specifiers. Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server.
- Bug Tracker URL: http://bugs.frugalware.org/task/2378