This page aggregates CVE and security vulnerability intelligence across all mutt-related products, including CVSS scores, EPSS percentages, and publication and update dates.
Historical issues mainly involve buffer overflows, memory corruption, input validation, path handling, and related problems; some flaws may lead to memory corruption.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2006-5297 | Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems. | [email protected] | 1.2 | 0.34% | 2006-10-16 | 2026-06-16 |
| CVE-2006-3242 | Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server. | [email protected] | 7.5 | 5.89% | 2006-06-27 | 2026-06-16 |
| CVE-2005-2642 | Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext. | [email protected] | 7.5 | 4.48% | 2005-08-23 | 2026-06-16 |
| CVE-2004-0078 | Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages. | [email protected] | 7.5 | 5.43% | 2004-03-03 | 2026-06-16 |
| CVE-2003-0300 | The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. | [email protected] | 5.0 | 3.36% | 2003-06-16 | 2026-06-16 |
| CVE-2003-0299 | The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors. | [email protected] | 7.5 | 2.10% | 2003-06-16 | 2026-06-16 |
| CVE-2003-0167 | Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140. | [email protected] | 7.5 | 2.54% | 2003-04-02 | 2026-06-16 |
| CVE-2003-0140 | Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder. | [email protected] | 7.5 | 4.49% | 2003-03-24 | 2026-06-16 |
| CVE-2002-0001 | Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list. | [email protected] | 7.5 | 3.37% | 2002-02-27 | 2026-06-16 |
| CVE-2001-0473 | Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands. | [email protected] | 7.5 | 2.06% | 2001-06-27 | 2026-06-16 |
| CVE-1999-0940 | Buffer overflow in mutt mail client allows remote attackers to execute commands via malformed MIME messages. | [email protected] | 7.5 | 2.66% | 1999-09-27 | 2026-06-16 |
| CVE-1999-0941 | Mutt mail client allows a remote attacker to execute commands via shell metacharacters. | [email protected] | 7.5 | 1.86% | 1998-07-28 | 2026-06-16 |