CVE-2003-0167 | Vulnerability Database | Aqua Security

Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.

Affected Software

Name	Vendor	Start Version	End Version
Mutt	Mutt	1.3.12 (including)	1.3.12 (including)
Mutt	Mutt	1.3.12.1 (including)	1.3.12.1 (including)
Mutt	Mutt	1.3.16 (including)	1.3.16 (including)
Mutt	Mutt	1.3.17 (including)	1.3.17 (including)
Mutt	Mutt	1.3.22 (including)	1.3.22 (including)
Mutt	Mutt	1.3.24 (including)	1.3.24 (including)
Mutt	Mutt	1.3.25 (including)	1.3.25 (including)
Mutt	Mutt	1.3.27 (including)	1.3.27 (including)
Mutt	Mutt	1.3.28 (including)	1.3.28 (including)
Balsa	Ubuntu	dapper	*
Balsa	Ubuntu	devel	*
Balsa	Ubuntu	edgy	*
Balsa	Ubuntu	feisty	*

References

http://www.debian.org/security/2003/dsa-274
http://www.debian.org/security/2003/dsa-300
http://www.securityfocus.com/bid/7229

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0167
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html