Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations.
CVSS Score
2.6
EPSS Score
0.083
Published
2007-03-07
KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
CVSS Score
7.8
EPSS Score
0.009
Published
2007-03-06
Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long.
CVSS Score
5.0
EPSS Score
0.009
Published
2002-06-25
KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.
CVSS Score
4.6
EPSS Score
0.001
Published
2000-01-04
Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name.
CVSS Score
5.0
EPSS Score
0.008
Published
1999-06-01