CVE-2007-1265

KMail 1.9.5 and earlier does not properly use the –status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

Affected Software

Name	Vendor	Start Version	End Version
K-mail	Kde	0.0.29.2 (including)	0.0.29.2 (including)
K-mail	Kde	1.0.23 (including)	1.0.23 (including)
K-mail	Kde	1.0.24 (including)	1.0.24 (including)
K-mail	Kde	1.0.25 (including)	1.0.25 (including)
K-mail	Kde	1.0.26 (including)	1.0.26 (including)
K-mail	Kde	1.0.27 (including)	1.0.27 (including)
K-mail	Kde	1.0.28 (including)	1.0.28 (including)
K-mail	Kde	1.0.29 (including)	1.0.29 (including)
K-mail	Kde	1.0.29.1 (including)	1.0.29.1 (including)
K-mail	Kde	1.0.29.2 (including)	1.0.29.2 (including)
K-mail	Kde	1.1 (including)	1.1 (including)
K-mail	Kde	1.2 (including)	1.2 (including)
K-mail	Kde	1.3.1 (including)	1.3.1 (including)
K-mail	Kde	1.7.1 (including)	1.7.1 (including)
K-mail	Kde	1.9.1 (including)	1.9.1 (including)
K-mail	Kde	1.86.2.36 (including)	1.86.2.36 (including)
K-mail	Kde	1.87 (including)	1.87 (including)
K-mail	Kde	1.88 (including)	1.88 (including)
K-mail	Kde	1.89 (including)	1.89 (including)
K-mail	Kde	1.90 (including)	1.90 (including)
K-mail	Kde	1.92 (including)	1.92 (including)
K-mail	Kde	1.93 (including)	1.93 (including)
K-mail	Kde	1.94 (including)	1.94 (including)
K-mail	Kde	1.95 (including)	1.95 (including)
K-mail	Kde	1.101 (including)	1.101 (including)
K-mail	Kde	1.102 (including)	1.102 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-1265
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References