There is a possible buffer overflow due an off-by-one error in
imap/util.c, line 125. The error is in the maximum field width indication in the sscanf() call. You must have room in the receiving buffer for this number of characters /plus a terminating NULL character/.
Showing with 3 additions and 3 deletions