Sylpheed 2.2.7 and previous versions does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote malicious users to forge the contents of a message without detection.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sylpheed sylpheed |