cvedb.io
CVE-2019-10741
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2019-04-07T15:29:00.450 · Last modified 2026-06-17T02:11:34.870

Summary

K-9 Mail v5.600 can include the original quoted HTML code of a specially crafted, benign-looking email within (digitally signed) reply messages. The quoted part can contain conditional statements that show completely different text if opened in a different email client. This can be abused by an attacker to obtain valid S/MIME or PGP signatures for arbitrary content to be displayed to a third party. NOTE: the vendor states "We don't plan to take any action because of this."

Affected products

k-9_mail_project — k-9_mail

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.