Invalid format of RFC parameter passed to atoi() function in rfc2231.c could lead to unexpected behavior.
Created mutt tracking bugs for this issue:
Affects: fedora-all [bug 1710398]
RFC 2231 (https://tools.ietf.org/html/rfc2231) corresponds to parsing MIME parameters and encoded extensions. The flaw could be exploited by a specially crafted (spam) email header. The effects depend on the value passed to atoi and its implementation.
Testing this on Red Hat Enterprise Linux as follows yields no crash:
[huzaifas@babylon ~]$ cat a.c
[huzaifas@babylon ~]$ gcc a.c
[huzaifas@babylon ~]$ ./a.out
So its quite possible that the impact is really minimal or a very long string is required to be parsed.
Upstream patch: https://gitlab.com/muttmua/mutt/commit/3b6f6b829718ec8a7cf3eb6997d86e83e6c38567