In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file. (CVE-2021-3403) In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file. (CVE-2021-3404)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 8 | noarch | ytnef | < 2.0-1 | ytnef-2.0-1.mga8 |