Ytnef_project Ytnef
26 CVEs affecting Ytnef_project Ytnef. Latest disclosed: 2021-05-26. Critical: 2, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2009-3887 | Critical | 9.8 | 2019-10-29 | ytnef has directory traversal |
CVE-2017-9058 | Critical | 9.8 | 2017-05-18 | In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. |
CVE-2017-9146 | High | 8.8 | 2017-05-22 | The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which all… |
CVE-2009-3721 | High | 7.8 | 2021-05-26 | Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted… |
CVE-2021-3404 | High | 7.8 | 2021-03-04 | In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer… |
CVE-2021-3403 | High | 7.8 | 2021-03-04 | In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a d… |
CVE-2017-6306 | High | 7.8 | 2017-02-24 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename functi… |
CVE-2017-6305 | High | 7.8 | 2017-02-24 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write." |
CVE-2017-6304 | High | 7.8 | 2017-02-24 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read." |
CVE-2017-6303 | High | 7.8 | 2017-02-24 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow." |
CVE-2017-6302 | High | 7.8 | 2017-02-24 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow." |
CVE-2017-6301 | High | 7.8 | 2017-02-24 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads." |
CVE-2017-6300 | High | 7.8 | 2017-02-24 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h." |
CVE-2017-6298 | High | 7.8 | 2017-02-24 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked." |
CVE-2017-6802 | High | 7.5 | 2017-03-10 | An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF()… |
CVE-2017-6801 | High | 7.5 | 2017-03-10 | An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef. |
CVE-2017-6800 | High | 7.5 | 2017-03-10 | An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to… |
CVE-2017-12144 | Medium | 5.5 | 2017-08-02 | In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. |
CVE-2017-12142 | Medium | 5.5 | 2017-08-02 | In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a… |
CVE-2017-12141 | Medium | 5.5 | 2017-08-02 | In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of servi… |