CPE Details
YTNEF Project YTNEF 1.9.1
1.9.1
2019-10-17
15h27 +00:00
15h27 +00:00
2019-10-17
15h27 +00:00
15h27 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:ytnef_project:ytnef:1.9.1:*:*:*:*:*:*:*
Informations
Vendor
ytnef_projectProduct
ytnefVersion
1.9.1Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments. | 7.8 |
High |
||
| ytnef has directory traversal | 9.8 |
Critical |
||
| The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file. | 8.8 |
High |
||
| In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. | 9.8 |
Critical |
||
| An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef. | 7.5 |
High |
||
| An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef. | 7.5 |
High |
||
| An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef. | 7.5 |
High |
2025©
tesweb SA
