CVE-2007-1002

Description

Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo.

How to fix CVE-2007-1002

To remediate CVE-2007-1002, upgrade the affected package to a fixed version below.

• Debian/evolution—upgrade to 2.10.2-1 or later
• Debian/evolution—upgrade to 2.0.4-2sarge2 or later

Is CVE-2007-1002 being exploited?

Moderate — EPSS is 12.5%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

• from 0, < 2.10.2-1
• from 0, < 2.0.4-2sarge2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-1002