An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.
do not call parts_set during walk_parts unless the parts have actually changed
When trying to decode a body, fall back to 7bit if the encoding is unknown. Trying to create a new body in an unknown encoding is still forbidden. This should make it easier to handle broken messages from "the internet." ("Content-Transfer-Encoding: n"!?)
Changes for version 1.912_01 - 2013-04-08
try to encode headers based on the header structure, if it has one, rather than treating the header as a big string in all cases; thanks for this work go to Jesse Luehrs