• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Gnome Evolution iCalendar Multiple Buffer Overflow Vulnerabilities

Gnome Evolution is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to insufficiently sized buffers. The issues arise when the application handles iCalendar attachments.

Successfully exploiting these issues will allow an attacker to execute arbitrary code in the context of the application. Failed exploit attempts will likely crash the application.

Gnome Evolution 2.21.1 is vulnerable to these issues; other versions may also be affected.