High severity7.8NVD Advisory· Published Feb 24, 2017· Updated May 13, 2026

CVE-2017-6309

Description

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.

Affected products

Tnef Project/Tnef
cpe:2.3:a:tnef_project:tnef:*:*:*:*:*:*:*:*
Range: <=1.4.12
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/verdammelt/tnef/blob/master/ChangeLognvdPatchRelease NotesThird Party Advisory
github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344dnvdIssue TrackingPatchThird Party Advisory
www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/nvdPatchThird Party Advisory
www.debian.org/security/2017/dsa-3798nvdThird Party Advisory
www.securityfocus.com/bid/96427nvdThird Party AdvisoryVDB Entry
security.gentoo.org/glsa/201708-02nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000