CyberSec.Space Logo
Back to CVE Browser

CVE-2021-3404

HIGH
7.8
CVSS Severity Score
EPSS Score0.0360%
EPSS Percentile2.94th
PublishedMar 4, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.

Affected Platforms (CPE)

πŸ“¦
Ytnef Project

Ytnef

= 1.9.3
πŸ’»
Redhat

Enterprise Linux

= 7.0
πŸ’»
Fedoraproject

Fedora

= 33

References & Advisories

πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1926965
πŸ”— https://github.com/Yeraze/ytnef/issues/86
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1926965
πŸ”— https://github.com/Yeraze/ytnef/issues/86

Related Vulnerabilities

CVE-2017-90589.8

In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK mac...

CVE-2009-38879.8

ytnef has directory traversal

CVE-2017-91468.8

The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain...

CVE-2009-37217.8

Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is ...