Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sylpheed | Sylpheed | 2.4.4 (including) | 2.4.4 (including) |
Sylpheed-claws | Sylpheed-claws | 1.9.100 (including) | 1.9.100 (including) |
Sylpheed-claws | Sylpheed-claws | 2.10.0 (including) | 2.10.0 (including) |