CVE-2012-1103
notmuch < 0.11.1 - Arbitrary File Read via MML Tag Handling in Emacs Interface
Title source: llmDescription
emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.
References (7)
Core 7
Core References
Vendor Advisory x_refsource_confirm
http://notmuchmail.org/news/release-0.11.1/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/52155
Exploit, Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/05/6
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2416
Exploit, Patch x_refsource_confirm
http://git.notmuchmail.org/git/notmuch/blobdiff/3f2050ac221a4c940c12442f156f12fff11600c6..ae438ccd8c77831158c7c30f19710d798ee4a6b4:/emacs/notmuch-mua.el
Exploit, Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/04/5
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48139
Scores
EPSS
0.0231
EPSS Percentile
81.4%
Details
CWE
CWE-20
Status
published
Products (17)
notmuchmail/notmuch
0.1
notmuchmail/notmuch
0.1.1
notmuchmail/notmuch
0.2
notmuchmail/notmuch
0.3
notmuchmail/notmuch
0.3.1
notmuchmail/notmuch
0.4
notmuchmail/notmuch
0.5
notmuchmail/notmuch
0.6 (3 CPE variants)
notmuchmail/notmuch
0.6.1
notmuchmail/notmuch
0.7 (2 CPE variants)
... and 7 more
Published
Sep 25, 2012
Tracked Since
Feb 18, 2026