mutt
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting mutt.
- CVE-2026-43864mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.2.5
- CVE-2026-43863mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.3.7
- CVE-2026-43862In mutt before 2.3.2, the imap_auth_gss security level is mishandled.3.7
- CVE-2026-43861mutt before 2.3.2 does not check for '\0' in url_pct_decode.3.7
- CVE-2026-43860mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.3.7
- CVE-2026-43859mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest.3.7
- CVE-2024-49395Mutt: neomutt: bcc email header field is indirectly leaked by cryptographic info block5.3
- CVE-2024-49394Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing5.3
- CVE-2024-49393Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing6.5
- CVE-2023-4874Undefined Behavior for Input to API in Mutt4.3
- CVE-2023-4875Undefined Behavior for Input to API in Mutt2.2
- CVE-2022-1328Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line4.3
- CVE-2021-32055Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ...9.1
- CVE-2021-3181rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address field...6.5
- CVE-2020-28896Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and...5.3