CVE-2007-2683

Description

Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.

How to fix CVE-2007-2683

To remediate CVE-2007-2683, upgrade the affected package to a fixed version below.

• Debian/mutt—upgrade to 1.5.15+20070608-1 or later

Is CVE-2007-2683 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.5.15+20070608-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-2683