The IMAP-code of mutt is vulnerable to a buffer overflow that can be exploited by a malicious IMAP-server to crash mutt or even execute arbitrary code with the privileges of the user running mutt.