CVE-2012-5468
bogofilter - heap-based buffer overflow
EPSS 6.1%
Description
Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters.
How to fix CVE-2012-5468
To remediate CVE-2012-5468, upgrade the affected package to one of the fixed versions listed below.
- Debian/bogofilter: upgrade to 1.2.2+dfsg1-2 or later
- Debian/bogofilter: upgrade to 1.2.2-2+squeeze1 or later
Is CVE-2012-5468 being exploited?
Moderate: EPSS is 6.1%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/bogofilter: from 0, < 1.2.2+dfsg1-2
- Debian/bogofilter: from 0, < 1.2.2-2+squeeze1