Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code.....
7.8CVSS
8.2AI Score
0.001EPSS
In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted...
7.8CVSS
7.5AI Score
0.001EPSS
In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted...
7.8CVSS
7.3AI Score
0.002EPSS
9.8CVSS
9.4AI Score
0.005EPSS
In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted...
5.5CVSS
6.9AI Score
0.001EPSS
In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted...
5.5CVSS
5.3AI Score
0.001EPSS
In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted...
5.5CVSS
5.3AI Score
0.001EPSS
In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted...
5.5CVSS
5.3AI Score
0.003EPSS
In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted...
5.5CVSS
6.8AI Score
0.005EPSS
In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted...
5.5CVSS
5.5AI Score
0.002EPSS
In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted...
5.5CVSS
5.5AI Score
0.002EPSS
In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted...
5.5CVSS
6.7AI Score
0.005EPSS
The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other...
8.8CVSS
9.5AI Score
0.009EPSS
In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in...
9.8CVSS
9.2AI Score
0.003EPSS
An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in...
7.5CVSS
7.4AI Score
0.004EPSS
An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in...
7.5CVSS
7.3AI Score
0.002EPSS
An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in...
7.5CVSS
7.4AI Score
0.002EPSS
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and...
7.8CVSS
7.3AI Score
0.003EPSS
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in...
7.8CVSS
7.3AI Score
0.003EPSS
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not...
7.8CVSS
7.3AI Score
0.003EPSS
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer...
7.8CVSS
7.4AI Score
0.003EPSS
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in...
5.5CVSS
6AI Score
0.002EPSS
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds...
7.8CVSS
7.3AI Score
0.003EPSS
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in...
7.8CVSS
7.4AI Score
0.003EPSS
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer...
7.8CVSS
7.3AI Score
0.001EPSS
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds...
7.8CVSS
7.3AI Score
0.003EPSS