Ytnef
Source repositories
CVEs (22)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9058 | Cri | 0.64 | 9.8 | 0.02 | May 18, 2017 | In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. | ||
| CVE-2017-9146 | Hig | 0.57 | 8.8 | 0.02 | May 22, 2017 | The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have… | ||
| CVE-2017-6306 | Hig | 0.51 | 7.8 | 0.02 | Feb 24, 2017 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c." | ||
| CVE-2017-6305 | Hig | 0.51 | 7.8 | 0.01 | Feb 24, 2017 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write." | ||
| CVE-2017-6304 | Hig | 0.51 | 7.8 | 0.01 | Feb 24, 2017 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read." | ||
| CVE-2017-6303 | Hig | 0.51 | 7.8 | 0.01 | Feb 24, 2017 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow." | ||
| CVE-2017-6302 | Hig | 0.51 | 7.8 | 0.01 | Feb 24, 2017 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow." | ||
| CVE-2017-6301 | Hig | 0.51 | 7.8 | 0.01 | Feb 24, 2017 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads." | ||
| CVE-2017-6300 | Hig | 0.51 | 7.8 | 0.01 | Feb 24, 2017 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h." | ||
| CVE-2017-6298 | Hig | 0.51 | 7.8 | 0.01 | Feb 24, 2017 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked." | ||
| CVE-2017-6802 | Hig | 0.49 | 7.5 | 0.01 | Mar 10, 2017 | An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef. | ||
| CVE-2017-6801 | Hig | 0.49 | 7.5 | 0.01 | Mar 10, 2017 | An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef. | ||
| CVE-2017-6800 | Hig | 0.49 | 7.5 | 0.02 | Mar 10, 2017 | An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef. | ||
| CVE-2017-12144 | Med | 0.36 | 5.5 | 0.01 | Aug 2, 2017 | In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. | ||
| CVE-2017-12142 | Med | 0.36 | 5.5 | 0.01 | Aug 2, 2017 | In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file. | ||
| CVE-2017-12141 | Med | 0.36 | 5.5 | 0.01 | Aug 2, 2017 | In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. | ||
| CVE-2017-9474 | Med | 0.36 | 5.5 | 0.01 | Jun 7, 2017 | In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | ||
| CVE-2017-9473 | Med | 0.36 | 5.5 | 0.01 | Jun 7, 2017 | In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | ||
| CVE-2017-9472 | Med | 0.36 | 5.5 | 0.01 | Jun 7, 2017 | In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | ||
| CVE-2017-9471 | Med | 0.36 | 5.5 | 0.01 | Jun 7, 2017 | In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. |
- risk 0.64cvss 9.8epss 0.02
In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.
- risk 0.57cvss 8.8epss 0.02
The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have…
- risk 0.51cvss 7.8epss 0.02
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write."
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read."
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow."
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow."
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads."
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h."
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked."
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef.
- risk 0.36cvss 5.5epss 0.01
In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
- risk 0.36cvss 5.5epss 0.01
In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
- risk 0.36cvss 5.5epss 0.01
In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
- risk 0.36cvss 5.5epss 0.01
In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
- risk 0.36cvss 5.5epss 0.01
In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
- risk 0.36cvss 5.5epss 0.01
In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
- risk 0.36cvss 5.5epss 0.01
In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
Page 1 of 2