CVE-2003-0143

CVE Database · CVE-2003-0143

CVE-2003-0143

· N/AModified

CVSS v3.1

N/A

EPSS

8.60%

Published

Mar 18, 2003

Modified

Apr 15, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBQpopper 4.0.x - Remote Memory Corruption TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.

Affected Products (4)

qualcomm · qpoppervulnerable

References (16)

http://marc.info/?l=bugtraq&m=104739841223916&w=2

http://marc.info/?l=bugtraq&m=104748775900481&w=2

http://marc.info/?l=bugtraq&m=104768137314397&w=2

http://marc.info/?l=bugtraq&m=104792541215354&w=2

http://www.debian.org/security/2003/dsa-259

PatchVendor Advisory

http://www.novell.com/linux/security/advisories/2003_018_qpopper.html

http://www.securityfocus.com/bid/7058

ExploitPatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/11516

http://marc.info/?l=bugtraq&m=104739841223916&w=2

KEV Catalog EPSS Scores Vendors All CVEs