Product:

Ytnef

(Ytnef_project)
Repositories https://github.com/Yeraze/ytnef
#Vulnerabilities 26
Date Id Summary Products Score Patch Annotated
2017-02-24 CVE-2017-6306 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c." Debian_linux, Ytnef 7.8
2017-03-10 CVE-2017-6800 An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef. Debian_linux, Ytnef 7.5
2017-03-10 CVE-2017-6801 An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef. Debian_linux, Ytnef 7.5
2017-03-10 CVE-2017-6802 An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef. Debian_linux, Ytnef 7.5
2017-05-18 CVE-2017-9058 In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. Ubuntu_linux, Ytnef 9.8
2017-05-22 CVE-2017-9146 The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file. Ytnef 8.8
2017-06-07 CVE-2017-9470 In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. Ytnef 5.5
2017-06-07 CVE-2017-9471 In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Ubuntu_linux, Ytnef 5.5
2017-06-07 CVE-2017-9472 In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Ytnef 5.5
2017-06-07 CVE-2017-9473 In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. Ubuntu_linux, Ytnef 5.5