CVE-2006-0528

Publication date 2 February 2006

Last updated 17 July 2025

Ubuntu priority

Description

The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
evolution	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected
libcairo	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Fixed 1.0.4-0ubuntu1

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-265-1
cairo/Evolution library vulnerability
23 March 2006

Other references

https://www.cve.org/CVERecord?id=CVE-2006-0528