Lucene search

GoogleOSV:CVE-2017-12142

HistoryAug 02, 2017 - 5:29 a.m.

CVE-2017-12142

2017-08-0205:29:00

Google

osv.dev

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON

In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

CPENameOperatorVersion
ytnefeq1.9.1-2
ytnefeq1.9.1
ytnefeq1.8
ytnefeq1.7
ytnefeq1.9.2
ytnefeq1.9

Name	Operator	Version
ytnef	eq	1.9.1-2
ytnef	eq	1.9.1
ytnef	eq	1.8
ytnef	eq	1.7
ytnef	eq	1.9.2
ytnef	eq	1.9

References

github.com/Yeraze/ytnef/issues/49

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/

somevulnsofadlab.blogspot.com/2017/07/ytnefinvalid-memory-read-in-swapdword.html