CVE-2005-2550 : Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attac

Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.

Published 2005-08-12 04:00:00

Updated 2025-04-03 01:03:51

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Execute codeDenial of service

Products affected by CVE-2005-2550

Gnome » Evolution » Version: 2.0
cpe:2.3:a:gnome:evolution:2.0:*:*:*:*:*:*:*
Matching versions
Gnome » Evolution » Version: 2.1
cpe:2.3:a:gnome:evolution:2.1:*:*:*:*:*:*:*
Matching versions
Gnome » Evolution » Version: 2.3.2
cpe:2.3:a:gnome:evolution:2.3.2:*:*:*:*:*:*:*
Matching versions
Gnome » Evolution » Version: 2.3.3
cpe:2.3:a:gnome:evolution:2.3.3:*:*:*:*:*:*:*
Matching versions
Gnome » Evolution » Version: 2.3.4
cpe:2.3:a:gnome:evolution:2.3.4:*:*:*:*:*:*:*
Matching versions
Gnome » Evolution » Version: 1.5
cpe:2.3:a:gnome:evolution:1.5:*:*:*:*:*:*:*
Matching versions
Gnome » Evolution » Version: 2.3.5
cpe:2.3:a:gnome:evolution:2.3.5:*:*:*:*:*:*:*
Matching versions
Gnome » Evolution » Version: 2.3.6.1
cpe:2.3:a:gnome:evolution:2.3.6.1:*:*:*:*:*:*:*
Matching versions
Gnome » Evolution » Version: 2.2
cpe:2.3:a:gnome:evolution:2.2:*:*:*:*:*:*:*
Matching versions
Gnome » Evolution » Version: 2.3.1
cpe:2.3:a:gnome:evolution:2.3.1:*:*:*:*:*:*:*
Matching versions
Gnome » Evolution » Version: 1.4
cpe:2.3:a:gnome:evolution:1.4:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-2550

EPSS FAQ

5.16%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 89 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-2550

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2005-2550

http://secunia.com/advisories/16394

About Secunia Research | Flexera

CVEs referencing this url
http://www.debian.org/security/2006/dsa-1016

[SECURITY] [DSA 1016-1] New evolution packages fix arbitrary code execution

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10880

404 Not Found
http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html

Senaste nyheter om IT-säkerhet

CVEs referencing this url
http://www.securityfocus.com/archive/1/407789

CVEs referencing this url
http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html

[SECURITY] Fedora Core 4 Update: evolution-2.2.3-2.fc4

CVEs referencing this url
https://usn.ubuntu.com/166-1/

404: Page not found | Ubuntu

CVEs referencing this url
http://www.novell.com/linux/security/advisories/2005_54_evolution.html

404 Page Not Found | SUSE

CVEs referencing this url
http://marc.info/?l=full-disclosure&m=112368237712032&w=2

'[Full-disclosure] Evolution multiple remote format string bugs' - MARC

CVEs referencing this url
http://secunia.com/advisories/19380

About Secunia Research | Flexera

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2005-267.html

Support

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2005:141

Mandriva

CVEs referencing this url
http://www.securityfocus.com/bid/14532

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2005-2550

Products affected by CVE-2005-2550

Exploit prediction scoring system (EPSS) score for CVE-2005-2550

CVSS scores for CVE-2005-2550

References for CVE-2005-2550