CyberSec.Space Logo
Back to CVE Browser

CVE-2017-6298

HIGH
7.8
CVSS Severity Score
EPSS Score0.0720%
EPSS Percentile2.83th
PublishedFeb 24, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked."

Affected Platforms (CPE)

πŸ“¦
Ytnef Project

Ytnef

<= 1.9
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0

References & Advisories

πŸ”— http://www.debian.org/security/2017/dsa-3846
πŸ”— http://www.openwall.com/lists/oss-security/2017/02/15/4
πŸ”— http://www.securityfocus.com/bid/96423
πŸ”— https://github.com/Yeraze/ytnef/pull/27
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/
πŸ”— https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
πŸ”— http://www.debian.org/security/2017/dsa-3846
πŸ”— http://www.openwall.com/lists/oss-security/2017/02/15/4

Related Vulnerabilities

CVE-2017-90589.8

In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK mac...

CVE-2009-38879.8

ytnef has directory traversal

CVE-2017-91468.8

The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain...

CVE-2009-37217.8

Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is ...