Published: 24/02/2017 Updated: 13/03/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An issue exists in tnef prior to 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tnef project tnef
debian debian linux 8.0

Debian Bug report logs - #856117 tnef: CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 Package: src:tnef; Maintainer for src:tnef is Kevin Coyner <kcoyner@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 25 Feb 2017 10:45:01 UTC Severity: grave Tags: fixed-upstream, security, upst ...

Eric Sesterhenn, from X41 D-Sec GmbH, discovered several vulnerabilities in tnef, a tool used to unpack MIME attachments of type application/ms-tnef Multiple heap overflows, type confusions and out of bound reads and writes could be exploited by tricking a user into opening a malicious attachment This would result in denial of service via applica ...

CWE-125 CWE-787 https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d https://github.com/verdammelt/tnef/blob/master/ChangeLog http://www.securityfocus.com/bid/96427 https://security.gentoo.org/glsa/201708-02 http://www.debian.org/security/2017/dsa-3798 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856117 https://nvd.nist.gov https://www.debian.org/security/./dsa-3798

CVE-2017-6310

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect