CVE-2014-9116
EPSS 3.5%
mutt - security update
Published: 12/2/2014
Modified: 4/28/2026
Also known as: DEBIAN-CVE-2014-9116
Description
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.
Affected packages (3)
- Debian/mutt from 0, < 1.5.23-2
- Debian/mutt from 0, < 1.5.20-9+squeeze4
- Debian/mutt from 0, < 1.5.21-6.2+deb7u3