VYPR
Vendor

Ytnef

Products
2
CVEs
10
Across products
10
Status
Private

Products

2

Recent CVEs

10
  • CVE-2017-6298HigFeb 24, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked."

  • CVE-2017-12142MedAug 2, 2017
    risk 0.36cvss 5.5epss 0.01

    In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-12141MedAug 2, 2017
    risk 0.36cvss 5.5epss 0.01

    In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-9474MedJun 7, 2017
    risk 0.36cvss 5.5epss 0.01

    In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

  • CVE-2017-6299MedFeb 24, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c."

  • CVE-2009-3721May 26, 2021
    risk 0.00cvss epss 0.02

    Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially…

  • CVE-2021-3404Mar 4, 2021
    risk 0.00cvss epss 0.02

    In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.

  • CVE-2021-3403Mar 4, 2021
    risk 0.00cvss epss 0.02

    In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.

  • CVE-2009-3887Oct 29, 2019
    risk 0.00cvss epss 0.03

    ytnef has directory traversal

  • CVE-2010-5109May 5, 2014
    risk 0.00cvss epss 0.02

    Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.

VYPR — Vulnerability Intelligence