VYPR
Vendor

Tnef Project

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2017-8911CriMay 12, 2017
    risk 0.64cvss 9.8epss 0.02

    An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.

  • CVE-2017-6310HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.

  • CVE-2017-6309HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.

  • CVE-2017-6308HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.

  • CVE-2017-6307HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.

  • CVE-2019-18849Nov 11, 2019
    risk 0.00cvss epss 0.01

    In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.

  • CVE-2000-0614Jul 10, 2000
    risk 0.00cvss epss 0.04

    Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify absolute path names for the decompressed output.