Skip to main content

CVE-2007-1268

Severity Medium
Score 5/10

Summary

Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

  • LOW
  • NETWORK
  • NONE
  • PARTIAL
  • NONE
  • NONE

References

Advisory Timeline

  • Published