Filtered by vendor Ytnef Project Subscriptions
Filtered by product Ytnef Subscriptions
Total 26 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-9146 1 Ytnef Project 1 Ytnef 2025-04-20 N/A
The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.
CVE-2017-9472 1 Ytnef Project 1 Ytnef 2025-04-20 N/A
In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2021-3404 3 Fedoraproject, Redhat, Ytnef Project 3 Fedora, Enterprise Linux, Ytnef 2024-11-21 7.8 High
In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.
CVE-2021-3403 3 Fedoraproject, Redhat, Ytnef Project 3 Fedora, Enterprise Linux, Ytnef 2024-11-21 7.8 High
In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
CVE-2009-3887 1 Ytnef Project 1 Ytnef 2024-11-21 9.8 Critical
ytnef has directory traversal
CVE-2009-3721 2 Gnome, Ytnef Project 2 Evolution, Ytnef 2024-11-21 7.8 High
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.