U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:ytnef_project:ytnef:1.9:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 16 matching records.
Displaying matches 1 through 16.
Vuln ID Summary CVSS Severity
CVE-2009-3721

Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.

Published: May 26, 2021; 6:15:07 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2009-3887

ytnef has directory traversal

Published: October 29, 2019; 3:15:12 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-9146

The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.

Published: May 22, 2017; 2:29:00 PM -0400
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-9058

In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.

Published: May 18, 2017; 2:29:00 AM -0400
V4.0:(not available)
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-6802

An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef.

Published: March 10, 2017; 5:59:00 AM -0500
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-6801

An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef.

Published: March 10, 2017; 5:59:00 AM -0500
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-6800

An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef.

Published: March 10, 2017; 5:59:00 AM -0500
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-6306

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."

Published: February 23, 2017; 11:59:00 PM -0500
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-6305

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write."

Published: February 23, 2017; 11:59:00 PM -0500
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-6304

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read."

Published: February 23, 2017; 11:59:00 PM -0500
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-6303

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow."

Published: February 23, 2017; 11:59:00 PM -0500
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-6302

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow."

Published: February 23, 2017; 11:59:00 PM -0500
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-6301

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads."

Published: February 23, 2017; 11:59:00 PM -0500
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-6300

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h."

Published: February 23, 2017; 11:59:00 PM -0500
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-6299

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c."

Published: February 23, 2017; 11:59:00 PM -0500
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-6298

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked."

Published: February 23, 2017; 11:59:00 PM -0500
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 6.8 MEDIUM