2 matches found
ytnef heap buffer overflow vulnerability (CNVD-2017-07578)
ytnef is an application library for extracting data from winmail.dat files. A heap buffer overflow vulnerability exists in ytnef 1.9.2 and earlier versions of libytnef due to the program failing to properly validate bounds in the SIZECHECK macro in the lib/ytnef.c file. An attacker can exploit th...
CVE-2017-9058
In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c...