CVE-2014-9116

Published: 02 December 2014

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.

Priority

Medium

Status

Package Release Status
mutt
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.5.21-6.4ubuntu2.1])
Patches:
upstream: http://dev.mutt.org/trac/attachment/ticket/3716/ticket-3716-stable.patch