CyberSec.Space Logo
Back to CVE Browser

CVE-2017-6307

HIGH
7.8
CVSS Severity Score
EPSS Score0.0500%
EPSS Percentile8.85th
PublishedFeb 24, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.

Affected Platforms (CPE)

πŸ“¦
Tnef Project

Tnef

<= 1.4.12
πŸ’»
Debian

Debian Linux

= 8.0

References & Advisories

πŸ”— http://www.debian.org/security/2017/dsa-3798
πŸ”— http://www.securityfocus.com/bid/96427
πŸ”— https://github.com/verdammelt/tnef/blob/master/ChangeLog
πŸ”— https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a
πŸ”— https://security.gentoo.org/glsa/201708-02
πŸ”— https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
πŸ”— http://www.debian.org/security/2017/dsa-3798
πŸ”— http://www.securityfocus.com/bid/96427

Related Vulnerabilities

CVE-2000-061410.0

Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which s...

CVE-2016-36459.8

Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Da...

CVE-2017-89119.8

An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operat...

CVE-2009-00989.3

Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neu...