usn-7730-1
Vulnerability from osv_ubuntu
Published
2025-09-02 18:37
Modified
2026-04-22 07:37
Summary
kf5-messagelib vulnerabilities
Details

Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that PIM Messagelib could be made to leak the plaintext of S/MIME encrypted emails when retrieving external content in emails. Under certain configurations, if a user were tricked into opening a specially crafted email using an application linked against PIM Messagelib, an attacker could possibly use this issue to obtain the plaintext of an encrypted email. This update mitigates the issue by preventing automatic loading of external content. (CVE-2017-17689)

Jens Müller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel, and Jörg Schwenk discovered that PIM Messagelib could be made to leak the plaintext of S/MIME or PGP encrypted emails. If a user were tricked into replying to a specially crafted email using an application linked against PIM Messagelib, an attacker could possibly use this issue to obtain the plaintext of an encrypted email. (CVE-2019-10732)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2017-17689",
              "severity": [
                {
                  "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2019-10732",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:18.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "kf5-messagelib-data",
            "binary_version": "4:17.12.3-0ubuntu3+esm1"
          },
          {
            "binary_name": "libkf5messagecomposer5abi2",
            "binary_version": "4:17.12.3-0ubuntu3+esm1"
          },
          {
            "binary_name": "libkf5messagecore5abi2",
            "binary_version": "4:17.12.3-0ubuntu3+esm1"
          },
          {
            "binary_name": "libkf5messagelist5abi1",
            "binary_version": "4:17.12.3-0ubuntu3+esm1"
          },
          {
            "binary_name": "libkf5messageviewer-plugins",
            "binary_version": "4:17.12.3-0ubuntu3+esm1"
          },
          {
            "binary_name": "libkf5messageviewer5abi4",
            "binary_version": "4:17.12.3-0ubuntu3+esm1"
          },
          {
            "binary_name": "libkf5mimetreeparser5abi2",
            "binary_version": "4:17.12.3-0ubuntu3+esm1"
          },
          {
            "binary_name": "libkf5templateparser5abi2",
            "binary_version": "4:17.12.3-0ubuntu3+esm1"
          },
          {
            "binary_name": "libkf5webengineviewer5abi3",
            "binary_version": "4:17.12.3-0ubuntu3+esm1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:18.04:LTS",
        "name": "kf5-messagelib",
        "purl": "pkg:deb/ubuntu/kf5-messagelib@4:17.12.3-0ubuntu3+esm1?arch=source\u0026distro=esm-apps/bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4:17.12.3-0ubuntu3+esm1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4:17.04.3-0ubuntu1",
        "4:17.04.3-0ubuntu2",
        "4:17.08.3-0ubuntu1",
        "4:17.08.3-0ubuntu2",
        "4:17.12.2-0ubuntu3",
        "4:17.12.3-0ubuntu2",
        "4:17.12.3-0ubuntu3"
      ]
    }
  ],
  "aliases": [],
  "details": "Damian Poddebniak, Christian Dresen, Jens M\u00fcller, Fabian Ising,\nSebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and J\u00f6rg\nSchwenk discovered that PIM Messagelib could be made to leak the plaintext\nof S/MIME encrypted emails when retrieving external content in emails.\nUnder certain configurations, if a user were tricked into opening a\nspecially crafted email using an application linked against PIM Messagelib,\nan attacker could possibly use this issue to obtain the plaintext of an\nencrypted email. This update mitigates the issue by preventing automatic\nloading of external content. (CVE-2017-17689)\n\nJens M\u00fcller, Marcus Brinkmann, Damian Poddebniak, Sebastian Schinzel,\nand J\u00f6rg Schwenk discovered that PIM Messagelib could be made to leak the\nplaintext of S/MIME or PGP encrypted emails. If a user were tricked into\nreplying to a specially crafted email using an application linked\nagainst PIM Messagelib, an attacker could possibly use this issue to obtain\nthe plaintext of an encrypted email. (CVE-2019-10732)",
  "id": "USN-7730-1",
  "modified": "2026-04-22T07:37:23Z",
  "published": "2025-09-02T18:37:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-7730-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2017-17689"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2019-10732"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "kf5-messagelib vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2017-17689",
    "UBUNTU-CVE-2019-10732"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…