Buffer overflow when opening mail with calendar.vcf tnef attachment

Bug #608085 reported by Anze Zagar
This bug affects 2 people
Affects: evolution (Ubuntu)
Status: Expired
Importance: Medium
Assigned to: Unassigned

Bug Description

Binary package hint: evolution

Ubuntu 10.04 LTS, Evolution 2.28.3-0ubuntu10

After accepting an appointment invitation in the Outlook 2007 MS Exchange client, moving it to another IMAP account and then opening it from there with Evolution, I get a buffer overflow and Evolution crashes. The error obviously occurs in the tnef plugin (libytnef.so.0 of libytnef0-1.5-2 in particular). It does not occur if I remove evolution-plugins-experimental-2.28.3-0ubuntu10. Evolution 2.30 (from ppa:jacob/evo230) does not resolve this issue either.

Here is the error dump:

/home/anzez/.evolution/cache/tmp/tnef-attachment-SCDwr8/calendar.vcf
*** buffer overflow detected ***: evolution terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7fa9065e7207]
/lib/libc.so.6(+0xfe0c0)[0x7fa9065e60c0]
/usr/lib/libytnef.so.0(DecompressRTF+0x3c)[0x7fa8f7d9c4ec]
/usr/lib/evolution/2.28/plugins/liborg-gnome-tnef-attachments.so(saveVCalendar+0x3f3)[0x7fa8f7fb41b3]
/usr/lib/evolution/2.28/plugins/liborg-gnome-tnef-attachments.so(processTnef+0x28d)[0x7fa8f7fb490d]
/usr/lib/evolution/2.28/plugins/liborg-gnome-tnef-attachments.so(org_gnome_format_tnef+0xfc)[0x7fa8f7fb4d8c]
/usr/lib/evolution/2.28/libeutil.so.0(+0x2b192)[0x7fa91070a192]
/usr/lib/evolution/2.28/components/libevolution-mail.so(+0x37c72)[0x7fa8fbed1c72]
/usr/lib/evolution/2.28/components/libevolution-mail.so(+0x3b1d7)[0x7fa8fbed51d7]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(em_format_part_as+0xfd)[0x7fa8fbc4a41d]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(em_format_part+0x52)[0x7fa8fbc4a5e2]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(+0x54302)[0x7fa8fbc4b302]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(em_format_part_as+0x15e)[0x7fa8fbc4a47e]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(em_format_part+0x52)[0x7fa8fbc4a5e2]
/usr/lib/evolution/2.28/components/libevolution-mail.so(+0x3e0ee)[0x7fa8fbed80ee]
/usr/lib/evolution/2.28/components/libevolution-mail.so(+0x3ce60)[0x7fa8fbed6e60]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(+0x691df)[0x7fa8fbc601df]
/lib/libglib-2.0.so.0(+0x69a5f)[0x7fa9068d4a5f]
/lib/libglib-2.0.so.0(+0x67b84)[0x7fa9068d2b84]
/lib/libpthread.so.0(+0x69ca)[0x7fa90d4e79ca]
/lib/libc.so.6(clone+0x6d)[0x7fa9065ce6fd]
Aborted

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: evolution 2.28.3-0ubuntu10
ProcVersionSignature: Ubuntu 2.6.32-22.36-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic x86_64
NonfreeKernelModules: fglrx
Architecture: amd64
Date: Wed Jul 21 09:33:08 2010
ProcEnviron:
 PATH=(custom, user)
 LANG=en_EU.utf8
 SHELL=/bin/bash
SourcePackage: evolution

Pedro Villavicencio (pedro) wrote :

Thanks for the report, may you please attach that file to the report? Thanks.

Changed in evolution (Ubuntu):
importance: Undecided → Medium
status: New → Incomplete
Anze Zagar (anze-zagar) wrote :

It is obviously a ytnef library issue. The attached winmail.dat extracts ok with tnef-1.4.6-1 but with ytnef-2.6-2ubuntu1 & libytnef0-1.5-2 I get:

$ ytnef -f . winmail.dat
./calendar.vcf
*** buffer overflow detected ***: ytnef terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f3485df0207]
/lib/libc.so.6(+0xfe0c0)[0x7f3485def0c0]
/usr/lib/libytnef.so.0(DecompressRTF+0x3c)[0x7f34860764ec]
ytnef[0x4033b3]
ytnef[0x403b3a]
ytnef[0x40404f]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f3485d0fc4d]
ytnef[0x400cf9]
Aborted

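The `__fortify_fail` frame directly under `DecompressRTF` in both traces is glibc's FORTIFY_SOURCE aborting a checked copy whose length exceeds its destination buffer. What follows is an added example, not ytnef's or Evolution's code: a decoder for the compressed-RTF stream (MS-OXRTFCP) that a TNEF winmail.dat carries, written so that every length is taken from the stream and validated against the bytes actually present before it is used; the sample input is the specification's worked example, and MAX_RAW is an assumed sanity cap.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* MS-OXRTFCP initial dictionary (207 bytes); the 4096-byte window starts with it. */
static const char RTF_DICT[] =
    "{\\rtf1\\ansi\\mac\\deff0\\deftab720{\\fonttbl;}{\\f0\\fnil \\froman \\fswiss "
    "\\fmodern \\fscript \\fdecor MS Sans SerifSymbolArialTimes New RomanCourier"
    "{\\colortbl\\red0\\green0\\blue0\r\n\\par \\pard\\plain\\f0\\fs20\\b\\i\\u\\tab\\tx";
enum { DICT_LEN = 207, WINDOW = 4096, MAX_RAW = 16 << 20 };   /* MAX_RAW: assumed sanity cap */
_Static_assert(sizeof(RTF_DICT) == DICT_LEN + 1, "dictionary transcription error");
static uint32_t le32(const uint8_t *p) { return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24); }
/* Decode one compressed-RTF stream (header: COMPSIZE, RAWSIZE, COMPTYPE, CRC; then data).
 * Returns malloc'd RTF, or NULL when a header length is not backed by real bytes. */
unsigned char *rtfcp_decode(const uint8_t *src, size_t len, size_t *outlen) {
    if (len < 16 || le32(src) != len - 4) return NULL;            /* COMPSIZE must match */
    uint32_t raw = le32(src + 4), type = le32(src + 8);
    if (raw > MAX_RAW) return NULL;
    unsigned char *out = malloc(raw + 1);
    if (!out) return NULL;
    if (type == 0x414C454Du) {                                     /* "MELA": stored, not compressed */
        if (raw > len - 16) { free(out); return NULL; }            /* RAWSIZE exceeds the data present */
        memcpy(out, src + 16, raw);
        if (outlen) *outlen = raw;
        return out;
    }
    if (type != 0x75465A4Cu) { free(out); return NULL; }           /* not "LZFu" */
    unsigned char win[WINDOW] = {0}; memcpy(win, RTF_DICT, DICT_LEN);
    size_t wpos = DICT_LEN, in = 16, o = 0; unsigned flags = 0, nbits = 0;
    while (o < raw) {
        if (nbits == 0) { if (in >= len) goto bad; flags = src[in++]; nbits = 8; }
        unsigned is_ref = flags & 1; flags >>= 1; nbits--;
        if (!is_ref) {                                             /* literal byte */
            if (in >= len) goto bad;
            out[o++] = win[wpos] = src[in++]; wpos = (wpos + 1) % WINDOW; continue;
        }
        if (in + 2 > len) goto bad;                                /* 12-bit offset + 4-bit length */
        unsigned off = (src[in] << 4) | (src[in + 1] >> 4), n = (src[in + 1] & 0xF) + 2; in += 2;
        if (off == wpos) break;                                    /* end-of-stream marker */
        for (unsigned k = 0; k < n && o < raw; k++, wpos = (wpos + 1) % WINDOW)
            out[o++] = win[wpos] = win[(off + k) % WINDOW];        /* byte at a time: may overlap */
    }
    if (outlen) *outlen = o; return out;
bad:
    free(out); return NULL;
}
/* Constructed sample: the worked example from MS-OXRTFCP ("hello world", 49 bytes). */
static const uint8_t SAMPLE[] = {
    0x2d,0,0,0, 0x2b,0,0,0, 'L','Z','F','u', 0xf1,0xc5,0xc7,0xa7,
    0x03,0x00,0x0a,0x00,0x72,0x63,0x70,0x67,0x31,0x32,0x35,0x42,0x32,0x0a,0xf3,0x20,
    0x68,0x65,0x6c,0x09,0x00,0x20,0x62,0x77,0x05,0xb0,0x6c,0x64,0x7d,0x0a,0x80,0x0f,0xa0 };
```

Truncating the sample by one byte, or declaring a RAWSIZE larger than the stored data, is rejected with NULL instead of reaching a copy that the hardened libc would have to abort.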
Markus Gonaus (magonaus) wrote :

I see the same bug, but a slightly different backtrace:

/home/markus/.evolution/cache/tmp/tnef-attachment-tzTE6x/calendar.vcf
*** buffer overflow detected ***: evolution terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f225cd56207]
/lib/libc.so.6(+0xfe0c0)[0x7f225cd550c0]
/usr/lib/libytnef.so.0(DecompressRTF+0x3c)[0x7f224e96c4ec]
/usr/lib/evolution/2.28/plugins/liborg-gnome-tnef-attachments.so(saveVCalendar+0x3f3)[0x7f224eb841b3]
/usr/lib/evolution/2.28/plugins/liborg-gnome-tnef-attachments.so(processTnef+0x28d)[0x7f224eb8490d]
/usr/lib/evolution/2.28/plugins/liborg-gnome-tnef-attachments.so(org_gnome_format_tnef+0xfc)[0x7f224eb84d8c]
/usr/lib/evolution/2.28/libeutil.so.0(+0x2b192)[0x7f2266e79192]
/usr/lib/evolution/2.28/components/libevolution-mail.so(+0x37c72)[0x7f2252385c72]
/usr/lib/evolution/2.28/components/libevolution-mail.so(+0x3b1d7)[0x7f22523891d7]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(em_format_part_as+0xfd)[0x7f22520fe41d]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(em_format_part+0x52)[0x7f22520fe5e2]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(+0x54302)[0x7f22520ff302]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(em_format_part_as+0x15e)[0x7f22520fe47e]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(em_format_part+0x52)[0x7f22520fe5e2]
/usr/lib/evolution/2.28/components/libevolution-mail.so(+0x3e0ee)[0x7f225238c0ee]
/usr/lib/evolution/2.28/components/libevolution-mail.so(+0x3ce60)[0x7f225238ae60]
/usr/lib/evolution/2.28/libevolution-mail-shared.so.0(+0x691df)[0x7f22521141df]
/lib/libglib-2.0.so.0(+0x69a5f)[0x7f225d043a5f]
/lib/libglib-2.0.so.0(+0x67b84)[0x7f225d041b84]
/lib/libpthread.so.0(+0x69ca)[0x7f2263c569ca]
/lib/libc.so.6(clone+0x6d)[0x7f225cd3d6fd]

Launchpad Janitor (janitor) wrote :

[Expired for evolution (Ubuntu) because there has been no activity for 60 days.]

Changed in evolution (Ubuntu):
status: Incomplete → Expired