CVE-2007-1266
EPSS 4.8%
Description
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
How to fix CVE-2007-1266
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Debian/evolution—no fix listed
Is CVE-2007-1266 being exploited?
Low — EPSS is 4.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0