CVE-2007-1268
EPSS 1.4%
Description
Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
How to fix CVE-2007-1268
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Debian/mutt—no fix listed
Is CVE-2007-1268 being exploited?
Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0