CVE-2012-1103

notmuch < 0.11.1 - Arbitrary File Read via MML Tag Handling in Emacs Interface

Title source: llm
STIX 2.1

Description

emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.

References (7)

Core 7
Core References
Vendor Advisory x_refsource_confirm
http://notmuchmail.org/news/release-0.11.1/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52155
Exploit, Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/05/6
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2416
Exploit, Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/04/5
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48139

Scores

EPSS 0.0231
EPSS Percentile 81.4%

Details

CWE
CWE-20
Status published
Products (17)
notmuchmail/notmuch 0.1
notmuchmail/notmuch 0.1.1
notmuchmail/notmuch 0.2
notmuchmail/notmuch 0.3
notmuchmail/notmuch 0.3.1
notmuchmail/notmuch 0.4
notmuchmail/notmuch 0.5
notmuchmail/notmuch 0.6 (3 CPE variants)
notmuchmail/notmuch 0.6.1
notmuchmail/notmuch 0.7 (2 CPE variants)
... and 7 more
Published Sep 25, 2012
Tracked Since Feb 18, 2026