CVE-2007-2958

Publication date 27 August 2007

Last updated 17 July 2025

Ubuntu priority

Description

Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
sylpheed	7.10 gutsy	Fixed 2.4.5-1
	7.04 feisty	Fixed 2.3.1-1~ubuntu1.1
	6.10 edgy	Fixed 2.2.7-1ubuntu0.1
	6.06 LTS dapper	Fixed 2.2.4-1ubuntu1.1
claws-mail	7.10 gutsy	Fixed 2.10.0-3ubuntu3
	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release
sylpheed-claws	7.10 gutsy	Not in release
	7.04 feisty	Fixed 1.0.5-5.1ubuntu0.1
	6.10 edgy	Fixed 1.0.5-4ubuntu0.1
	6.06 LTS dapper	Fixed 1.0.5-2ubuntu0.1
sylpheed-claws-gtk2	7.10 gutsy	Not in release
	7.04 feisty	Fixed 2.6.0-1.1ubuntu1.1
	6.10 edgy	Fixed 2.5.0~rc3-1ubuntu0.1
	6.06 LTS dapper	Fixed 2.1.1-1ubuntu1.1

References

Other references

https://www.cve.org/CVERecord?id=CVE-2007-2958