CVE-2005-2549 | Vulnerability Database | Aqua Security

Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.

Affected Software

Name	Vendor	Start Version	End Version
Evolution	Gnome	1.5 (including)	1.5 (including)
Evolution	Gnome	2.0 (including)	2.0 (including)
Evolution	Gnome	2.1 (including)	2.1 (including)
Evolution	Gnome	2.2 (including)	2.2 (including)
Evolution	Gnome	2.3.1 (including)	2.3.1 (including)
Evolution	Gnome	2.3.2 (including)	2.3.2 (including)
Evolution	Gnome	2.3.3 (including)	2.3.3 (including)
Evolution	Gnome	2.3.4 (including)	2.3.4 (including)
Evolution	Gnome	2.3.5 (including)	2.3.5 (including)
Evolution	Gnome	2.3.6.1 (including)	2.3.6.1 (including)

References

http://marc.info/?l=full-disclosure\u0026m=112368237712032\u0026w=2
http://secunia.com/advisories/16394
http://secunia.com/advisories/19380
http://www.debian.org/security/2006/dsa-1016
http://www.mandriva.com/security/advisories?name=MDKSA-2005:141
http://www.novell.com/linux/security/advisories/2005_54_evolution.html
http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html
http://www.redhat.com/support/errata/RHSA-2005-267.html
http://www.securityfocus.com/archive/1/407789
http://www.securityfocus.com/bid/14532
http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9553
https://usn.ubuntu.com/166-1/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-2549
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html