CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
94.6%
A SITIC Vulnerability Advisory reports:
Evolution suffers from several format string bugs when
handling data from remote sources. These bugs lead to
crashes or the execution of arbitrary assembly language
code.
The first format string bug occurs when viewing the
full vCard data attached to an e-mail message.
The second format string bug occurs when displaying
contact data from remote LDAP servers.
The third format string bug occurs when displaying
task list data from remote servers.
The fourth, and least serious, format string bug
occurs when the user goes to the Calendars tab to save
task list data that is vulnerable to problem 3
above. Other calendar entries that do not come from task
lists are also affected.