Mutt GnuPG Arbitrary Content Injection Vulnerability

Mutt GnuPG Arbitrary Content Injection Vulnerability

Mutt is prone to a vulnerability that may allow an attacker to add arbitrary content into a message without the end user knowing.

An attacker may be able to exploit this issue to add arbitrary content into a GnuPG signed and/or encrypted message.

This vulnerability is due to the weakness discussed in BID 22757 (GnuPG Signed Message Arbitrary Content Injection Weakness) and has been assigned its own BID because of the specific way that Mutt uses GnuPG.

This issue affects Mutt versions prior to and including 1.5.13.