Mutt Mutt

13 CVEs affecting Mutt Mutt. Latest disclosed: 2026-05-04. Critical: 0, High: 0.

Top CVEs affecting Mutt Mutt
CVE	Severity	Score	Published	Summary
`CVE-2023-4874`	Medium	`4.3`	2023-09-09	Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12
`CVE-2022-1328`	Medium	`4.3`	2022-04-14	Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line
`CVE-2026-43863`	Low	`3.7`	2026-05-04	mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.
`CVE-2026-43862`	Low	`3.7`	2026-05-04	In mutt before 2.3.2, the imap_auth_gss security level is mishandled.
`CVE-2026-43861`	Low	`3.7`	2026-05-04	mutt before 2.3.2 does not check for '\0' in url_pct_decode.
`CVE-2026-43860`	Low	`3.7`	2026-05-04	mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.
`CVE-2026-43859`	Low	`3.7`	2026-05-04	mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest.
`CVE-2026-43864`	Low	`2.5`	2026-05-04	mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.
`CVE-2023-4875`	Low	`2.2`	2023-09-09	Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12
`CVE-2005-2351`			2019-11-01	Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.
`CVE-2014-9116`			2014-12-02	The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a…
`CVE-2014-0467`			2014-03-14	Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to addr…
`CVE-2011-1429`			2011-03-16	Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to…