CVE-2010-5109

2014-05-0500:00:00

ubuntu.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.022

Percentile

89.6%

JSON

Off-by-one error in the DecompressRTF function in ytnef.c in Yerase’s TNEF
Stream Reader allows remote attackers to cause a denial of service (crash)
via a crafted TNEF file, which triggers a buffer overflow.

Bugs

<https://bugzilla.redhat.com/show_bug.cgi?id=831322>

Notes

Author	Note
jdstrand	this is a DoS only since the memory after the unterminated comp_Prebuf.data is not actually access anywhere. libytnef0 is only used by evolution on 10.04 LTS and later. libytnef is linked in to modules/module-tnef-attachment.so from libevolution on 12.10 and later. plugins/liborg-gnome-tnef-attachments.so on 12.04 and earlier. This is shipped in the evolution-plugins-experimental package, from universe on 13.10+, PoC is recognized as TNEF file, but not all attachments are shown (not security) on 12.04, recognized as TNEF file, but not all attachments are shown (not security) on 11.10 and earlier, no crash (not security)

Author

Note

jdstrand

this is a DoS only since the memory after the unterminated comp_Prebuf.data is not actually access anywhere. libytnef0 is only used by evolution on 10.04 LTS and later. libytnef is linked in to modules/module-tnef-attachment.so from libevolution on 12.10 and later. plugins/liborg-gnome-tnef-attachments.so on 12.04 and earlier. This is shipped in the evolution-plugins-experimental package, from universe on 13.10+, PoC is recognized as TNEF file, but not all attachments are shown (not security) on 12.04, recognized as TNEF file, but not all attachments are shown (not security) on 11.10 and earlier, no crash (not security)