CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-9146

HIGH
8.8
CVSS Severity Score
EPSS Score0.1830%
EPSS Percentile32.17th
Published2017年5月22日
Last Modified2026年5月13日

Vulnerability Description

The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.

Affected Platforms (CPE)

📦
Ytnef Project

Ytnef

<= 1.9.2

References & Advisories

🔗 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862707
🔗 https://github.com/Yeraze/ytnef/issues/47
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/
🔗 https://usn.ubuntu.com/3667-1/
🔗 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862707
🔗 https://github.com/Yeraze/ytnef/issues/47
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/
🔗 https://usn.ubuntu.com/3667-1/

相关漏洞威胁

CVE-2017-90589.8

In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK mac...

CVE-2009-38879.8

ytnef has directory traversal

CVE-2009-37217.8

Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is ...

CVE-2021-34047.8

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code ex...