Remote / Network Access,
Local / Remote,
Loss of Confidentiality,
Loss of Integrity
mutt contains a flaw that may allow a remote attacker to use an IMAP server to execute arbitrary code on the vulnerable machine. The issue is triggered when an IMAP server sends messages to the mutt client. It is possible for an attacker to use an IMAP server to send specially crafted messages that may allow the execution of arbitrary code.
Upgrade to version 1.2.5i or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.