CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.926 High (Percentile: 99.0%)

Metamail is a program that decodes MIME-encoded mail. It is therefore often called automatically when an email is received or read.
Ulf Harnhammar found two format string bugs and two buffer overflow bugs in Metamail.
A remote attacker could send a malicious email message and execute arbitrary code with the rights of the process calling the Metamail program.
There is no known workaround at this time.
All users of Metamail should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv ">=net-mail/metamail-2.7.45.3"
    # emerge ">=net-mail/metamail-2.7.45.3"

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | net-mail/metamail | < 2.7.45.3 | UNKNOWN |