Unrated severityNVD Advisory· Published Sep 25, 2012· Updated Apr 29, 2026
CVE-2012-1103
CVE-2012-1103
Description
emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.
Affected products
30cpe:2.3:a:notmuchmail:notmuch:*:*:*:*:*:*:*:*+ 29 more
- cpe:2.3:a:notmuchmail:notmuch:*:*:*:*:*:*:*:*range: <=0.11
- cpe:2.3:a:notmuchmail:notmuch:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.10:rc1:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.10:rc2:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.11:rc1:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.11:rc2:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.11:rc2-1:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.11:rc3:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.11:rc3-1:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.6:254:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.8:rc0:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.8:rc1:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.9:rc1:*:*:*:*:*:*
- cpe:2.3:a:notmuchmail:notmuch:0.9:rc2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.openwall.com/lists/oss-security/2012/03/04/5nvdExploitPatch
- www.openwall.com/lists/oss-security/2012/03/05/6nvdExploitPatch
- notmuchmail.org/news/release-0.11.1/nvdVendor Advisory
- secunia.com/advisories/48139nvdVendor Advisory
- www.debian.org/security/2012/dsa-2416nvd
- www.securityfocus.com/bid/52155nvd
News mentions
0No linked articles in our index yet.