CVE-2004-1007

Description

The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address.

Affected products

• bogofilter / email_filter0.9.0.3 – 0.9.0.3
• bogofilter / email_filter0.9.0.4 – 0.9.0.4
• bogofilter / email_filter0.9.0.5 – 0.9.0.5
• bogofilter / email_filter0.92 – 0.92
• bogofilter / email_filter0.92.4 – 0.92.4
• bogofilter / email_filter0.92.6 – 0.92.6
• bogofilter / email_filter0.92.7 – 0.92.7
• Ubuntu / ubuntu_linux4.1 – 4.1
• Ubuntu / ubuntu_linux4.1 – 4.1

References

• MISChttp://bogofilter.sourceforge.net/security/bogofilter-SA-2004-01
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/17916