Skip to main content

Ytnef

24 CVEs product

Monthly

CVE-2021-3404 HIGH POC This Week

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Ytnef Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.9%
CVE-2021-3403 HIGH POC This Week

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Ytnef Enterprise Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.8%
CVE-2017-12144 MEDIUM This Month

In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ytnef
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-12142 MEDIUM This Month

In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Ytnef
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-12141 MEDIUM PATCH This Month

In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Ytnef
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9474 MEDIUM POC This Month

In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Ytnef
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9473 MEDIUM POC This Month

In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ytnef Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-9472 MEDIUM POC This Month

In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Ytnef
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9471 MEDIUM POC This Month

In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Ytnef Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9470 MEDIUM POC This Month

In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ytnef
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-9146 HIGH POC This Week

The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ytnef
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-9058 CRITICAL PATCH Act Now

In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ytnef Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2017-6802 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-6801 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-6800 HIGH POC PATCH This Week

An issue was discovered in ytnef before 1.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-6306 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-6305 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-6304 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-6303 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-6302 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-6301 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-6300 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-6299 MEDIUM PATCH This Month

An issue was discovered in ytnef before 1.9.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Ytnef Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-6298 HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Ytnef Debian Linux
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
EPSS 2% CVSS 7.8
HIGH POC This Week

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Ytnef +2
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC This Week

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ytnef
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Ytnef
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ytnef Ubuntu Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ytnef
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ytnef
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ytnef +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ytnef +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ytnef +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in ytnef before 1.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Ytnef +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ytnef Debian Linux
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ytnef +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ytnef +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Ytnef +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Ytnef +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ytnef +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Ytnef Debian Linux
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in ytnef before 1.9.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Ytnef Debian Linux
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in ytnef before 1.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Ytnef +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy