CVE-2009-0587

Description

Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel.

How to fix CVE-2009-0587

To remediate CVE-2009-0587, upgrade the affected package to a fixed version below.

• Debian/evolution-data-server—upgrade to 2.22.3-1 or later

Is CVE-2009-0587 being exploited?

Low — EPSS is 1.9%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.22.3-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-0587