Fluid Attacks Database

Description

The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	bogofilter	>=0 <0.92.8-1	0.92.8-1
debian 13	bogofilter	>=0 <0.92.8-1	0.92.8-1
debian 11	bogofilter	>=0 <0.92.8-1	0.92.8-1
debian 14	bogofilter	>=0 <0.92.8-1	0.92.8-1

Aliases

1. CVE-2004-10072. NVD-2004-10073. OSV-DEBIAN-2004-10074. OSV-2004-10075. SECURITY-TRACKER-CVE-2004-1007

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.