CVE-2006-0528 Information

Description

The cairo library (libcairo) as used in GNOME Evolution and possibly other products allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains \Content-Disposition: inline\ in the header and a very long line in the body which causes the client to repeatedly crash until the e-mail message is manually removed possibly due to a buffer overflow as demonstrated using an XML attachment.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0925.html http://secunia.com/advisories/19504 http://securityreason.com/securityalert/610 http://www.mandriva.com/security/advisories?name=MDKSA-2006:057 http://www.novell.com/linux/security/advisories/2006_07_sr.html http://www.securityfocus.com/bid/16408 https://usn.ubuntu.com/265-1/