Aggregates CVE and security vulnerability intelligence across all mutt-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow, vendor risk memory corruption, vendor risk input validation, and vendor risk path handling and related problems; some flaws may lead to vendor impact memory corruption.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-14359 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data. | [email protected] | 9.8 | 4.10% | 2018-07-17 | 2026-06-16 |
| CVE-2018-14358 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field. | [email protected] | 9.8 | 3.91% | 2018-07-17 | 2026-06-16 |
| CVE-2018-14357 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. | [email protected] | 9.8 | 4.95% | 2018-07-17 | 2026-06-16 |
| CVE-2018-14356 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID. | [email protected] | 9.8 | 3.17% | 2018-07-17 | 2026-06-16 |
| CVE-2018-14355 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name. | [email protected] | 5.3 | 3.32% | 2018-07-17 | 2026-06-16 |
| CVE-2018-14354 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription. | [email protected] | 9.8 | 6.23% | 2018-07-17 | 2026-06-16 |
| CVE-2018-14353 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow. | [email protected] | 9.8 | 3.70% | 2018-07-17 | 2026-06-16 |
| CVE-2018-14352 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow. | [email protected] | 9.8 | 4.02% | 2018-07-17 | 2026-06-16 |
| CVE-2018-14351 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size. | [email protected] | 9.8 | 3.17% | 2018-07-17 | 2026-06-16 |
| CVE-2018-14350 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field. | [email protected] | 9.8 | 5.02% | 2018-07-17 | 2026-06-16 |
| CVE-2018-14349 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message. | [email protected] | 9.8 | 3.17% | 2018-07-17 | 2026-06-16 |
| CVE-2014-9116 | The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function. | [email protected] | 5.0 | 9.69% | 2014-12-02 | 2026-06-16 |
| CVE-2014-0467 | Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. | [email protected] | 5.0 | 5.16% | 2014-03-14 | 2026-06-16 |
| CVE-2011-1429 | Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766. | [email protected] | 5.8 | 1.47% | 2011-03-16 | 2026-06-16 |
| CVE-2009-3766 | mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | [email protected] | 6.8 | 1.14% | 2009-10-23 | 2026-06-16 |
| CVE-2009-3765 | mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | [email protected] | 6.8 | 1.08% | 2009-10-23 | 2026-06-16 |
| CVE-2009-1390 | Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack. | [email protected] | 6.8 | 1.92% | 2009-06-16 | 2026-06-16 |
| CVE-2007-2683 | Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion. | [email protected] | 3.5 | 0.80% | 2007-05-15 | 2026-06-16 |
| CVE-2007-1268 | Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | [email protected] | 5.0 | 2.74% | 2007-03-06 | 2026-06-16 |
| CVE-2006-5298 | The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls. | [email protected] | 1.2 | 0.30% | 2006-10-16 | 2026-06-16 |