CVE-2006-0528 | Vulnerability Database | Aqua Security

The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains Content-Disposition: inline in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.

Affected Software

Name	Vendor	Start Version	End Version
Evolution	Gnome	2.3.1 (including)	2.3.1 (including)
Evolution	Gnome	2.3.2 (including)	2.3.2 (including)
Evolution	Gnome	2.3.3 (including)	2.3.3 (including)
Evolution	Gnome	2.3.4 (including)	2.3.4 (including)
Evolution	Gnome	2.3.5 (including)	2.3.5 (including)
Evolution	Gnome	2.3.6 (including)	2.3.6 (including)
Evolution	Gnome	2.3.6.1 (including)	2.3.6.1 (including)
Evolution	Gnome	2.3.7 (including)	2.3.7 (including)
Libcairo	Ubuntu	dapper	*

References

http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0925.html
http://secunia.com/advisories/19504
http://securityreason.com/securityalert/610
http://www.mandriva.com/security/advisories?name=MDKSA-2006:057
http://www.novell.com/linux/security/advisories/2006_07_sr.html
http://www.securityfocus.com/bid/16408
https://usn.ubuntu.com/265-1/
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0925.html
http://secunia.com/advisories/19504
http://securityreason.com/securityalert/610
http://www.mandriva.com/security/advisories?name=MDKSA-2006:057
http://www.novell.com/linux/security/advisories/2006_07_sr.html
http://www.securityfocus.com/bid/16408
https://usn.ubuntu.com/265-1/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-0528
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html