Unrated severityNVD Advisory· Published Mar 6, 2007· Updated Apr 23, 2026

CVE-2007-1265

Description

KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

Affected products

KDE/Kmail26 versions
cpe:2.3:a:kde:k-mail:0.0.29.2:*:*:*:*:*:*:*+ 25 more
- cpe:2.3:a:kde:k-mail:0.0.29.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.0.29:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.0.29.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.0.29.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.101:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.102:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.86.2.36:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.87:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.88:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.89:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.90:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.92:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.93:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.94:*:*:*:*:*:*:*
- cpe:2.3:a:kde:k-mail:1.95:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000