An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"
],
"vendor_product": "canonical:ubuntu_linux",
"extracted_events": [
{
"introduced": "16.04"
},
{
"last_affected": "16.04"
}
],
"source": "CPE_STRING"
},
{
"cpes": [
"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
],
"vendor_product": "debian:debian_linux",
"extracted_events": [
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
},
{
"introduced": "9.0"
},
{
"last_affected": "9.0"
}
],
"source": "CPE_STRING"
}
]
}{
"cpe": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "20180716"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}[
{
"digest": {
"function_hash": "242334750473263574748904026117458705511",
"length": 3208.0
},
"target": {
"function": "cmd_parse_status",
"file": "imap/command.c"
},
"id": "CVE-2018-14351-41d7c448",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"259787242761162027860834235571477825879",
"75321328919565101483866371158624795441",
"338954100785068409618887254713988426046",
"312512035902477463148138565183740393345"
]
},
"target": {
"file": "imap/command.c"
},
"id": "CVE-2018-14351-9f8bb262",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741",
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14351.json"
"2026-07-08T20:30:09Z"
{
"cpe": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.10.1"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"259787242761162027860834235571477825879",
"75321328919565101483866371158624795441",
"338954100785068409618887254713988426046",
"312512035902477463148138565183740393345"
]
},
"target": {
"file": "imap/command.c"
},
"id": "CVE-2018-14351-0673da54",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://gitlab.com/muttmua/mutt@e57a8602b45f58edf7b3ffb61bb17525d75dfcb1",
"deprecated": false
},
{
"digest": {
"function_hash": "60775878127887181628566540557687469108",
"length": 3260.0
},
"target": {
"function": "cmd_parse_status",
"file": "imap/command.c"
},
"id": "CVE-2018-14351-b311b7b7",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://gitlab.com/muttmua/mutt@e57a8602b45f58edf7b3ffb61bb17525d75dfcb1",
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14351.json"
"2026-07-08T20:30:09Z"