cvedb.io
CVE-2017-16844
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2017-11-16T15:29:00.510 · Last modified 2026-06-17T01:10:00.653

Summary

Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.

Affected products

procmail — procmail

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.