CVE-2005-2549
evolution - format string vulnerabilities
EPSS 2.9%
Description
Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.
How to fix CVE-2005-2549
To remediate CVE-2005-2549, upgrade the affected package to one of the fixed versions listed below.
- Debian/evolution—upgrade to 2.2.3-3 or later
- Debian/evolution—upgrade to 1.0.5-1woody3 or later
- —upgrade to 2.2.3-2etch1 or later
Is CVE-2005-2549 being exploited?
Low — EPSS is 2.9%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.2.3-3
- from 0, < 1.0.5-1woody3
- from 0, < 2.2.3-2etch1