ytnef_project 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには バッファオーバーフロー、vendor risk memory corruption, and パス処理の欠陥 があり、vendor surface production workloads and vendor surface software deployment の利用場面で アプリケーションクラッシュ、vendor impact memory corruption, and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2009-3721 | Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments. | [email protected] | 7.8 | 0.29% | 2021-05-26 | 2024-11-21 |
| CVE-2021-3404 | In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file. | [email protected] | 7.8 | 2.36% | 2021-03-04 | 2024-11-21 |
| CVE-2021-3403 | In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file. | [email protected] | 7.8 | 1.02% | 2021-03-04 | 2024-11-21 |
| CVE-2009-3887 | ytnef has directory traversal | [email protected] | 9.8 | 0.33% | 2019-10-29 | 2024-11-21 |
| CVE-2017-12144 | In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. | [email protected] | 5.5 | 0.33% | 2017-08-02 | 2026-05-13 |
| CVE-2017-12142 | In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file. | [email protected] | 5.5 | 0.16% | 2017-08-02 | 2026-05-13 |
| CVE-2017-12141 | In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. | [email protected] | 5.5 | 0.17% | 2017-08-02 | 2026-05-13 |
| CVE-2017-9474 | In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | [email protected] | 5.5 | 0.21% | 2017-06-07 | 2026-05-13 |
| CVE-2017-9473 | In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | [email protected] | 5.5 | 0.28% | 2017-06-07 | 2026-05-13 |
| CVE-2017-9472 | In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | [email protected] | 5.5 | 0.21% | 2017-06-07 | 2026-05-13 |
| CVE-2017-9471 | In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. | [email protected] | 5.5 | 0.24% | 2017-06-07 | 2026-05-13 |
| CVE-2017-9470 | In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | [email protected] | 5.5 | 0.24% | 2017-06-07 | 2026-05-13 |
| CVE-2017-9146 | The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file. | [email protected] | 8.8 | 0.61% | 2017-05-22 | 2026-05-13 |
| CVE-2017-9058 | In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. | [email protected] | 9.8 | 0.39% | 2017-05-18 | 2026-05-13 |
| CVE-2017-6802 | An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef. | [email protected] | 7.5 | 0.80% | 2017-03-10 | 2026-05-13 |
| CVE-2017-6801 | An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef. | [email protected] | 7.5 | 0.51% | 2017-03-10 | 2026-05-13 |
| CVE-2017-6800 | An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef. | [email protected] | 7.5 | 0.54% | 2017-03-10 | 2026-05-13 |
| CVE-2017-6306 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c." | [email protected] | 7.8 | 0.47% | 2017-02-24 | 2026-05-13 |
| CVE-2017-6305 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write." | [email protected] | 7.8 | 0.33% | 2017-02-24 | 2026-05-13 |
| CVE-2017-6304 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read." | [email protected] | 7.8 | 0.36% | 2017-02-24 | 2026-05-13 |