CVE-2007-1267
EPSS 1.4%
Description
Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
How to fix CVE-2007-1267
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Debian/sylpheed—no fix listed
Is CVE-2007-1267 being exploited?
Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0