Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ytnef
(Ytnef_project)| Repositories | https://github.com/Yeraze/ytnef |
| #Vulnerabilities | 26 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-08-02 | CVE-2017-12142 | In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file. | Ytnef | 5.5 | ||
| 2017-08-02 | CVE-2017-12144 | In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. | Ytnef | 5.5 | ||
| 2021-03-04 | CVE-2021-3404 | In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file. | Fedora, Enterprise_linux, Ytnef | 7.8 | ||
| 2021-03-04 | CVE-2021-3403 | In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file. | Fedora, Enterprise_linux, Ytnef | 7.8 | ||
| 2021-05-26 | CVE-2009-3721 | Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments. | Evolution, Ytnef | 7.8 | ||
| 2019-10-29 | CVE-2009-3887 | ytnef has directory traversal | Ytnef | N/A |