CVE-2012-1103

high

Description

emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.

References

http://www.securityfocus.com/bid/52155

http://www.debian.org/security/2012/dsa-2416

http://secunia.com/advisories/48139

http://notmuchmail.org/news/release-0.11.1/

Details

Source: Mitre, NVD

Published: 2012-09-25

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00673