CVE-2010-5109

2014-05-0517:06:02

CWE-189

redhat

web.nvd.nist.gov

cve-2010-5109

decompressrtf

yerase

tnef stream reader

buffer overflow

denial of service

remote attackers

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.6

Confidence

High

EPSS

0.022

Percentile

89.6%

JSON

Off-by-one error in the DecompressRTF function in ytnef.c in Yerase’s TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.

Affected configurations

Nvd

Node

randall_handyerase\'s_tnef_stream_readerMatch-

fedoraprojectfedoraMatch16

fedoraprojectfedoraMatch17

VendorProductVersionCPE
randall_handyerase\'s_tnef_stream_reader-cpe:2.3:a:randall_hand:yerase\'s_tnef_stream_reader:-:*:*:*:*:*:*:*
fedoraprojectfedora16cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
fedoraprojectfedora17cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
randall_hand	yerase\'s_tnef_stream_reader	-	cpe:2.3:a:randall_hand:yerase\'s_tnef_stream_reader:-:::::::*
fedoraproject	fedora	16	cpe:2.3:o:fedoraproject:fedora:16:::::::*
fedoraproject	fedora	17	cpe:2.3:o:fedoraproject:fedora:17:::::::*