YTNEF Project YTNEF 1.9.2

CPE Details

YTNEF Project YTNEF 1.9.2
ytnef_project
ytnef
1.9.2
2019-10-17
15h27 +00:00
2019-10-17
15h27 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ytnef_project:ytnef:1.9.2:*:*:*:*:*:*:*

Informations

Vendor

ytnef_project

Product

ytnef

Version

1.9.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2009-3721 2021-05-26 19h06 +00:00 Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.
7.8
High
CVE-2009-3887 2019-10-29 11h37 +00:00 ytnef has directory traversal
9.8
Critical
CVE-2017-12141 2017-08-02 03h00 +00:00 In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
5.5
Medium
CVE-2017-12142 2017-08-02 03h00 +00:00 In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
5.5
Medium
CVE-2017-12144 2017-08-02 03h00 +00:00 In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
5.5
Medium
CVE-2017-9470 2017-06-07 02h50 +00:00 In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
5.5
Medium
CVE-2017-9471 2017-06-07 02h50 +00:00 In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
5.5
Medium
CVE-2017-9472 2017-06-07 02h50 +00:00 In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
5.5
Medium
CVE-2017-9473 2017-06-07 02h50 +00:00 In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
5.5
Medium
CVE-2017-9474 2017-06-07 02h50 +00:00 In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
5.5
Medium
CVE-2017-9146 2017-05-22 16h00 +00:00 The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.
8.8
High
CVE-2017-9058 2017-05-18 04h13 +00:00 In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.
9.8
Critical