CVE-2008-1109 — Vulnetix

Try Vulnetix Request Demo

CVE-2008-1109 PUBLISHED CVSS 9.300000190734863 CRITICAL

Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).

EPSS 4.24% · 88.7th percentile

Risk Scores

CVSS v2.0

9.300000190734863

EPSS Score

4.24%

88.7th percentile

Affected Products

Vendor	Product	Versions
gnome	evolution	2.22.1
n/a	n/a	n/a

Timeline

Jun 4, 2008 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Oct 22, 2023 EPSS Score

References

FEDORA-2008-5018 vendor-advisory
ADV-2008-1732 vdb
30298 third-party-advisory
FEDORA-2008-5016 vendor-advisory
30564 third-party-advisory
SUSE-SA:2008:028 vendor-advisory
RHSA-2008:0515 vendor-advisory
GLSA-200806-06 vendor-advisory
30571 third-party-advisory
FEDORA-2008-4990 vendor-advisory
evolution-icalendar-description-bo(42826) vdb
http://www.securityfocus.com/bid/29527 technical
1020170 vdb
http://secunia.com/secunia_research/2008-23/advisory/ url
RHSA-2008:0514 vendor-advisory
30716 third-party-advisory
30527 third-party-advisory
30702 third-party-advisory
MDVSA-2008:111 vendor-advisory
oval:org.mitre.oval:def:10337 vdb

…and 3 more

Open in Interactive Console →