MidnightBSD

Advisories for tnef_project

CVE-2017-6307 MEDIUM

An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
tnef_project tnef *
CVE-2017-6308 MEDIUM

An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
debian debian_linux 8.0
tnef_project tnef *
CVE-2017-6309 MEDIUM

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
tnef_project tnef *
CVE-2017-6310 MEDIUM

An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-787,

Products Affected

Vendor Product Version
debian debian_linux 8.0
tnef_project tnef *
CVE-2017-8911 HIGH

An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-191,

Products Affected

Vendor Product Version
tnef_project tnef 1.4.14
CVE-2019-18849 MEDIUM

In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 8.0
fedoraproject fedora 30
canonical ubuntu_linux 16.04
tnef_project tnef *
fedoraproject fedora 31