EUVD-2017-17997

Malware in sbrugna...

EUVD-2017-15856

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2017-9058

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. CVE-2017-90...

Mageia: Security Advisory (MGASA-2017-0174)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-4615-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4615-1 libytnef vulnerabilities

It was discovered that Yerase's TNEF had null pointer dereferences, infinite loop, buffer overflow, out of bounds reads, directory traversal issues and other vulnerabilities. An attacker could use those issues to cause a crash and consequently a denial of service. CVE-2017-6298, CVE-2017-6299,...

USN-4615-1: Yerase's TNEF vulnerabilities

It was discovered that Yerase's TNEF had null pointer dereferences, infinite loop, buffer overflow, out of bounds reads, directory traversal issues and other vulnerabilities. An attacker could use those issues to cause a crash and consequently a denial of service. CVE-2017-6298, CVE-2017-6299,...

Ubuntu: Security Advisory (USN-3667-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS : libytnef vulnerabilities (USN-3667-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3667-1 advisory. It was discovered that libytnef incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. CVE-2017-12141,...

USN-3667-1: libytnef vulnerabilities

It was discovered that libytnef incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. CVE-2017-12141, CVE-2017-9146, CVE-2017-9471, CVE-2017-9473 It was discovered that libytnef incorrectly handled certain files. An attacker could possibly use this t...

USN-3667-1 libytnef vulnerabilities

It was discovered that libytnef incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. CVE-2017-12141, CVE-2017-9146, CVE-2017-9471, CVE-2017-9473 It was discovered that libytnef incorrectly handled certain files. An attacker could possibly use this t...

Debian: Security Advisory (DLA-878-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[ASA-201708-10] libytnef: arbitrary code execution

Arch Linux Security Advisory ASA-201708-10 ========================================== Severity: High Date : 2017-08-14 CVE-ID : CVE-2017-9058 Package : libytnef Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-275 Summary ======= The package libytnef before...

Updated libytnef packages fix security vulnerabilities

Several issues were discovered in libytnef, a library used to decode application/ms-tnef e-mail attachments. Multiple heap overflows, out-of-bound writes and reads, NULL pointer dereferences and infinite loops could be exploited by tricking a user into opening a maliciously crafted winmail.dat fi...

MGASA-2017-0174 Updated libytnef packages fix security vulnerabilities

Several issues were discovered in libytnef, a library used to decode application/ms-tnef e-mail attachments. Multiple heap overflows, out-of-bound writes and reads, NULL pointer dereferences and infinite loops could be exploited by tricking a user into opening a maliciously crafted winmail.dat fi...

CVE-2017-9146

The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impa...

Heap overflow

The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impa...

CVE-2017-9146

The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impa...

CVE-2017-9146

The CVE-2017-9146 entry concerns the libytnef component (ytnef, libytnef) where TNEFFillMapi in lib/ytnef.c may allocate with a zero/nonzero count check, enabling a heap-based buffer overflow via a crafted tnef file. Affected up to ytnef 1.9.2; remote attackers could crash the application or caus...

CVE-2017-9146

The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impa...