QSearchQSearch

CVE-2026-44844

eml_parser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed info...

Published: 2026-05-26 · Last updated: 2026-06-01

Severity and scoring

CWE
CWE-674

Description

eml_parser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.get_raw_body_text() recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who can supply a badly crafted EML file with approximately 120 nested message/rfc822 parts triggers an unhandled RecursionError and aborts parsing of the message. A 12 KB EML file is enough to crash a worker. Though this causes the parser to crash, it is an unlikely scenario as the suggested EML that crashes the parser would not pass basic RFC compliance tests. This vulnerability is fixed in 3.0.1.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2025-7010 Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Serv... (5.5 MEDIUM)
  • CVE-2025-7005 Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the anti... (5.5 MEDIUM)
  • CVE-2026-4870 IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontr... (7.5 HIGH)
  • CVE-2026-48734 ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
  • CVE-2026-46557 ImageMagick is free and open-source software used for editing and manipulating digital images (6.2 MEDIUM)