Filtered by vendor Ytnef Project
Subscribe
Total
26 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3721 | 2 Gnome, Ytnef Project | 2 Evolution, Ytnef | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments. | |||||
CVE-2021-3404 | 3 Fedoraproject, Redhat, Ytnef Project | 3 Fedora, Enterprise Linux, Ytnef | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file. | |||||
CVE-2021-3403 | 3 Fedoraproject, Redhat, Ytnef Project | 3 Fedora, Enterprise Linux, Ytnef | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file. | |||||
CVE-2009-3887 | 1 Ytnef Project | 1 Ytnef | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
ytnef has directory traversal | |||||
CVE-2017-12141 | 1 Ytnef Project | 1 Ytnef | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. | |||||
CVE-2017-9470 | 1 Ytnef Project | 1 Ytnef | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | |||||
CVE-2017-9471 | 2 Canonical, Ytnef Project | 2 Ubuntu Linux, Ytnef | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||||
CVE-2017-9472 | 1 Ytnef Project | 1 Ytnef | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||||
CVE-2017-12144 | 1 Ytnef Project | 1 Ytnef | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. | |||||
CVE-2017-9473 | 2 Canonical, Ytnef Project | 2 Ubuntu Linux, Ytnef | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | |||||
CVE-2017-12142 | 1 Ytnef Project | 1 Ytnef | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file. | |||||
CVE-2017-9474 | 1 Ytnef Project | 1 Ytnef | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | |||||
CVE-2017-6300 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h." | |||||
CVE-2017-6299 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c." | |||||
CVE-2017-6303 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow." | |||||
CVE-2017-6304 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read." | |||||
CVE-2017-6302 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow." | |||||
CVE-2017-6802 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef. | |||||
CVE-2017-9146 | 1 Ytnef Project | 1 Ytnef | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file. | |||||
CVE-2017-9058 | 2 Canonical, Ytnef Project | 2 Ubuntu Linux, Ytnef | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. |