Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.
8.2AI Score
0.065EPSS
SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to cause a denial of service via certain malformed messages.
6.3AI Score
0.043EPSS
SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd.
6.1AI Score
0.0004EPSS