A null dereference vulnerability has been found in the MIME handling component of libetpan-dev before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Ccheader containing multiple e-mail addresses.