CyberSec.Space Logo
Back to CVE Browser

CVE-2017-8911

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1790%
EPSS Percentile11.10th
PublishedMay 12, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.

Affected Platforms (CPE)

πŸ“¦
Tnef Project

Tnef

= 1.4.14

References & Advisories

πŸ”— http://www.debian.org/security/2017/dsa-3869
πŸ”— https://github.com/verdammelt/tnef/issues/23
πŸ”— https://security.gentoo.org/glsa/201708-02
πŸ”— http://www.debian.org/security/2017/dsa-3869
πŸ”— https://github.com/verdammelt/tnef/issues/23
πŸ”— https://security.gentoo.org/glsa/201708-02

Related Vulnerabilities

CVE-2000-061410.0

Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which s...

CVE-2016-36459.8

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Da...

CVE-2009-00989.3

Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neu...

CVE-2017-91468.8

The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain...