Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Ytnef Project Subscribe
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-9470 1 Ytnef Project 1 Ytnef 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
CVE-2017-9146 1 Ytnef Project 1 Ytnef 2025-04-20 6.8 MEDIUM 8.8 HIGH
The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.
CVE-2021-3404 3 Fedoraproject, Redhat, Ytnef Project 3 Fedora, Enterprise Linux, Ytnef 2024-11-21 6.8 MEDIUM 7.8 HIGH
In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.
CVE-2021-3403 3 Fedoraproject, Redhat, Ytnef Project 3 Fedora, Enterprise Linux, Ytnef 2024-11-21 6.8 MEDIUM 7.8 HIGH
In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
CVE-2009-3887 1 Ytnef Project 1 Ytnef 2024-11-21 7.5 HIGH 9.8 CRITICAL
ytnef has directory traversal
CVE-2009-3721 2 Gnome, Ytnef Project 2 Evolution, Ytnef 2024-11-21 6.8 MEDIUM 7.8 HIGH
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.