Fluid Attacks Database

Description

Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	claws-mail	>=0 <3.13.1-1	3.13.1-1
debian 11	macopix	>=0 <1.7.4-6	1.7.4-6
debian 11	claws-mail	>=0 <3.13.1-1	3.13.1-1
debian 14	claws-mail	>=0 <3.13.1-1	3.13.1-1
debian 12	macopix	>=0 <1.7.4-6	1.7.4-6
debian 13	claws-mail	>=0 <3.13.1-1	3.13.1-1
debian 13	macopix	>=0 <1.7.4-6	1.7.4-6
debian 14	macopix	>=0 <1.7.4-6	1.7.4-6

Aliases

1. CVE-2015-86142. NVD-2015-86143. OSV-DEBIAN-2015-86144. OSV-2015-86145. SECURITY-TRACKER-CVE-2015-8614

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.