CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments

emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who ca...

CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments

emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who ca...

eml_parser 安全漏洞

EmlParser is an open-source Python library for parsing email files, developed by GOVCERT.LU. Versions of EmlParser prior to 3.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of EmlParser.getrawbodytext, which performed unrestricted recursive processing on nested...

GHSA-G47V-RWMH-R9F8 eml_parser has recursion DoS via nested message/rfc822 attachments

Summary EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who can supply a badly crafted EML file with approximately 120 nested message/rfc822 parts triggers an unhandled RecursionError and aborts parsing of the...

eml_parser has recursion DoS via nested message/rfc822 attachments

Summary EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who can supply a badly crafted EML file with approximately 120 nested message/rfc822 parts triggers an unhandled RecursionError and aborts parsing of the...

Uncontrolled Recursion

Overview eml-parser is a Python EML parser library Affected versions of this package are vulnerable to Uncontrolled Recursion through the getrawbodytext function. An attacker can cause the application to crash by supplying an email file with deeply nested message/rfc822 attachments, leading to...

CVE-2025-3909

Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...

DEBIAN-CVE-2025-3909

Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...

UBUNTU-CVE-2025-3909

Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...