Invalid format of RFC parameter passed to atoi() function in rfc2231.c could lead to unexpected behavior. External References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929017
Created mutt tracking bugs for this issue: Affects: fedora-all [bug 1710398]
Analysis: RFC 2231 (https://tools.ietf.org/html/rfc2231) corresponds to parsing MIME parameters and encoded extensions. The flaw could be exploited by a specially crafted (spam) email header. The effects depend on the value passed to atoi and its implementation. Testing this on Red Hat Enterprise Linux as follows yields no crash: [huzaifas@babylon ~]$ cat a.c #include<stdlib.h> void main(void) { atoi("999999999999999999999999999999"); } [huzaifas@babylon ~]$ gcc a.c [huzaifas@babylon ~]$ ./a.out [huzaifas@babylon ~]$ So its quite possible that the impact is really minimal or a very long string is required to be parsed.
Upstream patch: https://gitlab.com/muttmua/mutt/commit/3b6f6b829718ec8a7cf3eb6997d86e83e6c38567