The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address.
| Software | From | Fixed in |
|---|---|---|
| ubuntu / ubuntu_linux | 4.1 | 4.1.x |
| bogofilter / email_filter | 0.9.0.3 | 0.9.0.3.x |
| bogofilter / email_filter | 0.9.0.4 | 0.9.0.4.x |
| bogofilter / email_filter | 0.9.0.5 | 0.9.0.5.x |
| bogofilter / email_filter | 0.92 | 0.92.x |
| bogofilter / email_filter | 0.92.4 | 0.92.4.x |
| bogofilter / email_filter | 0.92.6 | 0.92.6.x |
| bogofilter / email_filter | 0.92.7 | 0.92.7.x |