Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ytnef
(Ytnef_project)| Repositories | https://github.com/Yeraze/ytnef |
| #Vulnerabilities | 26 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-03-10 | CVE-2017-6801 | An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef. | Debian_linux, Ytnef | 7.5 | ||
| 2017-03-10 | CVE-2017-6802 | An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef. | Debian_linux, Ytnef | 7.5 | ||
| 2017-05-18 | CVE-2017-9058 | In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. | Ubuntu_linux, Ytnef | 9.8 | ||
| 2017-05-22 | CVE-2017-9146 | The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file. | Ytnef | 8.8 | ||
| 2017-06-07 | CVE-2017-9470 | In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | Ytnef | 5.5 | ||
| 2017-06-07 | CVE-2017-9471 | In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | Ubuntu_linux, Ytnef | 5.5 | ||
| 2017-06-07 | CVE-2017-9472 | In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | Ytnef | 5.5 | ||
| 2017-06-07 | CVE-2017-9473 | In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | Ubuntu_linux, Ytnef | 5.5 | ||
| 2017-06-07 | CVE-2017-9474 | In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | Ytnef | 5.5 | ||
| 2017-08-02 | CVE-2017-12141 | In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. | Ytnef | 5.5 |