CVE-2017-6307Out-of-bounds Write in Tnef

CWE-787Out-of-bounds Write7 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 36.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Tnef Project TnefDebian TnefDebian Linux
Timeline
PublishedFeb 24
Latest updateMay 14

Description

An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/tnef< tnef 1.4.12-1.1 (bookworm)
Debiantnef_project/tnef< 1.4.12-1.1+3
NVDtnef_project/tnef1.4.12

Also affects: Debian Linux 8.0

Patches

Patch: github.comPatch: github.comPatch: www.x41-dsec.de

🔴Vulnerability Details

2
GHSA
GHSA-p3gc-pjgj-g65j: An issue was discovered in tnef before 12022-05-14
OSV
CVE-2017-6307: An issue was discovered in tnef before 12017-02-24

📋Vendor Advisories

1
Debian
CVE-2017-6307: tnef - An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identifi...2017

💬Community

3
Bugzilla
CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 tnef: Multiple vulnerabilities fixed in 1.4.13 [fedora-all]2017-02-28
Bugzilla
CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 tnef: Multiple vulnerabilities fixed in 1.4.132017-02-28
Bugzilla
CVE-2017-6307 CVE-2017-6308 CVE-2017-6309 CVE-2017-6310 tnef: Multiple vulnerabilities fixed in 1.4.13 [epel-all]2017-02-28