- Home
- CVEs with nessus.description=='DrWhax' of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account of a user that receives a message from them using Claws Mail.
CVE-2015-8614
There were no checks on the output length for conversions between JIS (ISO-2022-JP) and EUC-JP, between JIS and UTF-8, and from Shift_JIS to EUC-JP.
CVE-2015-8708
The original fix for CVE-2015-8614 was incomplete.
For the oldoldstable distribution (squeeze), these problems have been fixed in version 3.7.6-4 squeeze2.
For the oldstable distribution (wheezy) and the stable distribution (jessie), this will be fixed soon. These versions were built with hardening features that make this issue harder to exploit.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top