Procmail vulnerabilities
4 known vulnerabilities affecting procmail/procmail.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2017-16844 | CRITICAL | CVSS 9.8 | v3.22 | 2017-11-16
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
nvd, osv
CVE-2014-3618 | HIGH | CVSS 7.5 | CWE-119 | v3.22 | 2014-09-08
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
nvd, osv
CVE-2001-0905 | MEDIUM | CVSS 6.2 | ≤ 3.20 | 2001-10-18
Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running.
nvd
CVE-1999-0439 | HIGH | CVSS 7.5 | ≤ 3.12 | 1999-04-05
Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file.
nvd