U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:ytnef_project:ytnef:1.9:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 16 matching records.
Displaying matches 1 through 16.
Vuln ID Summary CVSS Severity
CVE-2009-3721

Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.

Published: May 26, 2021; 6:15:07 PM -0400 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2009-3887

ytnef has directory traversal

Published: October 29, 2019; 3:15:12 PM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-9146

The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.

Published: May 22, 2017; 2:29:00 PM -0400 		V4.0:(not available)
 V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-9058

In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.

Published: May 18, 2017; 2:29:00 AM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-6802

An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef.

Published: March 10, 2017; 5:59:00 AM -0500 		V4.0:(not available)
 V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-6801

An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef.

Published: March 10, 2017; 5:59:00 AM -0500 		V4.0:(not available)
 V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-6800

An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef.

Published: March 10, 2017; 5:59:00 AM -0500 		V4.0:(not available)
 V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-6306

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."

Published: February 23, 2017; 11:59:00 PM -0500 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-6305

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write."

Published: February 23, 2017; 11:59:00 PM -0500 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-6304

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read."

Published: February 23, 2017; 11:59:00 PM -0500 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-6303

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow."

Published: February 23, 2017; 11:59:00 PM -0500 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-6302

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow."

Published: February 23, 2017; 11:59:00 PM -0500 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-6301

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads."

Published: February 23, 2017; 11:59:00 PM -0500 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-6300

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h."

Published: February 23, 2017; 11:59:00 PM -0500 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-6299

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c."

Published: February 23, 2017; 11:59:00 PM -0500 		V4.0:(not available)
 V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-6298

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked."

Published: February 23, 2017; 11:59:00 PM -0500 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM