Ytnef Project

ytnef_project

26 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Ytnef

ytnef

26 CVEs

CVEs (26)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-3721 2Gnome Ytnef Project 2Evolution Ytnef Nov 21, 2024 May 26, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitr...Show more Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.Show less
CVE-2021-3404 3Fedoraproject RedhatYtnef Project 3Enterprise Linux FedoraYtnef Nov 21, 2024 Mar 4, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.
CVE-2021-3403 3Fedoraproject RedhatYtnef Project 3Enterprise Linux FedoraYtnef Nov 21, 2024 Mar 4, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
CVE-2009-3887 1Ytnef Project 1Ytnef Nov 21, 2024 Oct 29, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 ytnef has directory traversal
CVE-2017-12144 1Ytnef Project 1Ytnef May 13, 2026 Aug 2, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-12142 1Ytnef Project 1Ytnef May 13, 2026 Aug 2, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-12141 1Ytnef Project 1Ytnef May 13, 2026 Aug 2, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-9474 1Ytnef Project 1Ytnef May 13, 2026 Jun 7, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-9473 2Canonical Ytnef Project 2Ubuntu Linux Ytnef May 13, 2026 Jun 7, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVE-2017-9472 1Ytnef Project 1Ytnef May 13, 2026 Jun 7, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-9471 2Canonical Ytnef Project 2Ubuntu Linux Ytnef May 13, 2026 Jun 7, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-9470 1Ytnef Project 1Ytnef May 13, 2026 Jun 7, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
CVE-2017-9146 1Ytnef Project 1Ytnef May 13, 2026 May 22, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based...Show more The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.Show less
CVE-2017-9058 2Canonical Ytnef Project 2Ubuntu Linux Ytnef May 13, 2026 May 18, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.
CVE-2017-6802 2Debian Ytnef Project 2Debian Linux Ytnef May 13, 2026 Mar 10, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef.
CVE-2017-6801 2Debian Ytnef Project 2Debian Linux Ytnef May 13, 2026 Mar 10, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef.
CVE-2017-6800 2Debian Ytnef Project 2Debian Linux Ytnef May 13, 2026 Mar 10, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef.
CVE-2017-6306 2Debian Ytnef Project 2Debian Linux Ytnef May 13, 2026 Feb 24, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."
CVE-2017-6305 2Debian Ytnef Project 2Debian Linux Ytnef May 13, 2026 Feb 24, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write."
CVE-2017-6304 2Debian Ytnef Project 2Debian Linux Ytnef May 13, 2026 Feb 24, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read."

12 Next