Debian · CVE-2003-0140
**Name of the Vulnerable Software and Affected Versions**
libesmtp version 0.8.12
mutt versions 1.4.0 through 1.5.3
Balsa version 2.0.10 and earlier
**Description**
The issue concerns multiple vulnerabilities in certain packages of the Red Hat Linux and Debian GNU/Linux operating systems that can compromise the confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely. A buffer overflow in Mutt, and possibly in other programs that use Mutt code, allows a remote malicious IMAP server to cause a denial of service and possibly execute arbitrary code via a crafted folder.
**Recommendations**
For libesmtp version 0.8.12, update to a newer version to mitigate the risk.
For mutt versions 1.4.0 through 1.5.3, update to version 1.5.4 or later to resolve the issue.
For Balsa version 2.0.10 and earlier, update to version 2.0.11 or later to fix the vulnerability.
As a temporary workaround, consider restricting access to the IMAP server to minimize the risk of exploitation.
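
An added example, not part of the advisory or of any vendor tooling: a Python check that compares installed version strings against the affected ranges listed above. The function names, the version-normalisation rules and the sample inventory are assumptions made for illustration.

```python
import re

# Affected upstream ranges as listed in the advisory above, inclusive.
# None as the lower bound means "this version and earlier".
AFFECTED = {
    "libesmtp": ((0, 8, 12), (0, 8, 12)),
    "mutt": ((1, 4, 0), (1, 5, 3)),
    "balsa": (None, (2, 0, 10)),
}

def upstream_tuple(version):
    """Reduce a package version string to a numeric (major, minor, patch) tuple.

    Assumed normalisation: drop an epoch ("1:"), drop a packaging revision
    ("-4"), and ignore trailing letters such as mutt's "1.4.1i".
    """
    core = version.strip().split(":", 1)[-1].split("-", 1)[0]
    match = re.match(r"\d+(?:\.\d+)*", core)
    if not match:
        raise ValueError(f"unparseable version: {version!r}")
    parts = tuple(int(p) for p in match.group(0).split("."))
    return parts + (0,) * (3 - len(parts))

def is_affected(package, version):
    """True if the upstream version falls inside the advisory's range."""
    low, high = AFFECTED[package.lower()]
    current = upstream_tuple(version)
    return (low is None or current >= low) and current <= high

def audit(inventory):
    """Return the sorted names of listed packages whose version is in range."""
    return sorted(
        name for name, version in inventory.items()
        if name.lower() in AFFECTED and is_affected(name, version)
    )

# Constructed sample inventory (package -> installed version string).
SAMPLE_INVENTORY = {
    "mutt": "1.4.1i-1",
    "libesmtp": "0.8.11-2",
    "balsa": "2.0.10",
    "openssh": "3.6.1p2",
}

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

Distributions commonly backport security fixes without changing the upstream version, so treat a match as a prompt to check the vendor's fixed package revision rather than as proof of exposure.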