CVE-2017-16844

Publication date 16 November 2017

Last updated 25 August 2025

Ubuntu priority

High

Why this priority?

Cvss 3 Severity Score

9.8 · Critical

Score breakdown

Description

Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.

Status

Package Ubuntu Release Status
procmail 17.10 artful
Fixed 3.22-25ubuntu0.17.10.1
17.04 zesty
Fixed 3.22-25ubuntu0.17.04.1
16.04 LTS xenial
Fixed 3.22-25ubuntu0.16.04.1
14.04 LTS trusty
Fixed 3.22-21ubuntu0.2

Severity score breakdown

CVSS version: CVSS v3.0

Base score 9.8 · Critical

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-3483-1
    • procmail vulnerability
    • 20 November 2017
    • USN-3483-2
    • procmail vulnerability
    • 21 November 2017

Other references

Access our resources on patching vulnerabilities