CVE-2017-6309

🗓️ 24 Feb 2017 04:59:00Reported by ubuntu.comType

ubuntucve

ubuntucve🔗 ubuntu.com👁 20 Views

Vulnerability in tnef parsing function

Reporter	Title	Published	Views	Family All 37
FreeBSD	tnef -- Invalid read and write operations, controlled by an attacker	24 Feb 201700:00	–	freebsd
CNVD	tnef 'parse_file()' function denial of service vulnerability	24 Feb 201700:00	–	cnvd
CVE	CVE-2017-6309	24 Feb 201704:23	–	cve
Cvelist	CVE-2017-6309	24 Feb 201704:23	–	cvelist
Debian	[SECURITY] [DLA 839-1] tnef security update	27 Feb 201721:17	–	debian
Debian	[SECURITY] [DLA 839-2] tnef regression update	24 Mar 201721:44	–	debian
Debian	[SECURITY] [DSA 3798-1] tnef security update	1 Mar 201707:46	–	debian
Debian	[SECURITY] [DSA 3798-1] tnef security update	1 Mar 201707:46	–	debian
Debian CVE	CVE-2017-6309	24 Feb 201704:23	–	debiancve
Tenable Nessus	Debian DLA-839-2 : tnef regression update	28 Feb 201700:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	14.04	any	tnef	1.4.9-1+deb8u2build0.14.04.1	tnef_1.4.9-1+deb8u2build0.14.04.1_any.deb
Ubuntu	16.04	any	tnef	1.4.9-1+deb8u2build0.16.04.1	tnef_1.4.9-1+deb8u2build0.16.04.1_any.deb
Ubuntu	16.10	any	tnef	1.4.9-1+deb8u2build0.16.10.1	tnef_1.4.9-1+deb8u2build0.16.10.1_any.deb
Ubuntu	17.04	any	tnef	1.4.12-1ubuntu0.1	tnef_1.4.12-1ubuntu0.1_any.deb

Source	Link
x41-dsec	www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
github	www.github.com/verdammelt/tnef/blob/master/ChangeLog
github	www.github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d
cve	www.cve.org/CVERecord

25 Aug 2025 22:35Current

7.1High risk

Vulners AI Score7.1

CVSS 26.8

CVSS 37.8

EPSS0.00443

cve-2017-6309 type confusion parse function invalid operations read and write attacker control unix