CVE-2005-0667 [Medium] | Memory Corruption in Sylpheed

Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	3.34%	3.25%	-0.09%
2	2025-12-23	3.41%	3.34%	-0.07%
3	2025-12-10	—	3.41%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

3.34%

3.25%

-0.09%

2025-12-23

3.41%

3.34%

-0.07%

2025-12-10

—

3.41%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
5.1	2.0	MEDIUM	`AV:N/AC:H/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:H) Exploitation requires uncommon or highly specific conditions. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	4.9	6.4	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

5.1

2.0

MEDIUM

AV:N/AC:H/Au:N/C:P/I:P/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:H): Exploitation requires uncommon or highly specific conditions.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

4.9

6.4

[email protected]

OS Trackers for CVE-2005-0667

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2005-0667 not yet assigned priority: Debian including 1 source packages (sylpheed), 3 status rows across 3 suites (bookworm, bullseye, trixie): resolved 3.	https://security-tracker.debian.org/tracker/CVE-2005-0667
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2005-0667

Affected software / configurations for CVE-2005-0667

Vendor	Product	Version	Raw CPE
sylpheed	sylpheed	0.8.11	cpe:2.3:a:sylpheed:sylpheed:0.8.11:::::::*
sylpheed	sylpheed	0.9.4	cpe:2.3:a:sylpheed:sylpheed:0.9.4:::::::*
sylpheed	sylpheed	0.9.5	cpe:2.3:a:sylpheed:sylpheed:0.9.5:::::::*
sylpheed	sylpheed	0.9.6	cpe:2.3:a:sylpheed:sylpheed:0.9.6:::::::*
sylpheed	sylpheed	0.9.7	cpe:2.3:a:sylpheed:sylpheed:0.9.7:::::::*
sylpheed	sylpheed	0.9.8	cpe:2.3:a:sylpheed:sylpheed:0.9.8:::::::*
sylpheed	sylpheed	0.9.9	cpe:2.3:a:sylpheed:sylpheed:0.9.9:::::::*
sylpheed	sylpheed	0.9.10	cpe:2.3:a:sylpheed:sylpheed:0.9.10:::::::*
sylpheed	sylpheed	0.9.11	cpe:2.3:a:sylpheed:sylpheed:0.9.11:::::::*
sylpheed	sylpheed	0.9.12	cpe:2.3:a:sylpheed:sylpheed:0.9.12:::::::*
sylpheed	sylpheed	0.9.99	cpe:2.3:a:sylpheed:sylpheed:0.9.99:::::::*
sylpheed	sylpheed	1.0.0	cpe:2.3:a:sylpheed:sylpheed:1.0.0:::::::*
sylpheed	sylpheed	1.0.1	cpe:2.3:a:sylpheed:sylpheed:1.0.1:::::::*
sylpheed	sylpheed	1.0.2	cpe:2.3:a:sylpheed:sylpheed:1.0.2:::::::*
sylpheed-claws	sylpheed-claws	1.0.2	cpe:2.3:a:sylpheed-claws:sylpheed-claws:1.0.2:::::::*
altlinux	alt_linux	2.3	cpe:2.3:o:altlinux:alt_linux:2.3::compact:::::
altlinux	alt_linux	2.3	cpe:2.3:o:altlinux:alt_linux:2.3::junior:::::
gentoo	linux	—	cpe:2.3:o:gentoo:linux::::::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::
redhat	fedora_core	core_3.0	cpe:2.3:o:redhat:fedora_core:core_3.0:::::::*
redhat	linux_advanced_workstation	2.1	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::ia64:::::
redhat	linux_advanced_workstation	2.1	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::itanium_processor:::::

References for CVE-2005-0667

URL	Tags
http://secunia.com/advisories/14491	Patch Vendor Advisory
http://securitytracker.com/id?1013376	Vendor Advisory
http://sylpheed.good-day.net/changelog-devel.html.en	Patch Vendor Advisory
http://sylpheed.good-day.net/changelog.html.en	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200503-26.xml	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-303.html	Patch Vendor Advisory

URL

CVE-2005-0667

Exploit prediction scoring system (EPSS) score for CVE-2005-0667

Common vulnerability scoring system (CVSS) metrics for CVE-2005-0667

Weakness enumeration for CVE-2005-0667

OS Trackers for CVE-2005-0667

Affected software / configurations for CVE-2005-0667

References for CVE-2005-0667