CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
89.6%
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase’s TNEF
Stream Reader allows remote attackers to cause a denial of service (crash)
via a crafted TNEF file, which triggers a buffer overflow.
Author | Note |
---|---|
jdstrand | this is a DoS only since the memory after the unterminated comp_Prebuf.data is not actually access anywhere. libytnef0 is only used by evolution on 10.04 LTS and later. libytnef is linked in to modules/module-tnef-attachment.so from libevolution on 12.10 and later. plugins/liborg-gnome-tnef-attachments.so on 12.04 and earlier. This is shipped in the evolution-plugins-experimental package, from universe on 13.10+, PoC is recognized as TNEF file, but not all attachments are shown (not security) on 12.04, recognized as TNEF file, but not all attachments are shown (not security) on 11.10 and earlier, no crash (not security) |
lists.fedoraproject.org/pipermail/package-announce/2012-July/083804.html
lists.fedoraproject.org/pipermail/package-announce/2012-July/083853.html
sourceforge.net/p/ytnef/bugs/13/
www.openwall.com/lists/oss-security/2013/04/11/1
launchpad.net/bugs/cve/CVE-2010-5109
nvd.nist.gov/vuln/detail/CVE-2010-5109
security-tracker.debian.org/tracker/CVE-2010-5109
www.cve.org/CVERecord?id=CVE-2010-5109