CVE-2017-8911 — Integer Underflow (Wrap or Wraparound) in Tnef

CWE-191 — Integer Underflow (Wrap or Wraparound)7 documents5 sources

Severity

9.8CRITICALNVD

EPSS

0.2%

top 55.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tnef Project Tnef Debian Tnef

Timeline

PublishedMay 12

Latest updateMay 17

Description

An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/tnef< tnef 1.4.12-1.2 (bookworm)

▶Debiantnef_project/tnef< 1.4.12-1.2+3

▶NVDtnef_project/tnef1.4.14

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-575j-8r4j-2fmq: An integer underflow has been identified in the unicode_to_utf8() function in tnef 1↗2022-05-17

▶

OSV

CVE-2017-8911: An integer underflow has been identified in the unicode_to_utf8() function in tnef 1↗2017-05-12

▶

📋Vendor Advisories

Debian

CVE-2017-8911: tnef - An integer underflow has been identified in the unicode_to_utf8() function in tn...↗2017

▶

💬Community

Bugzilla

CVE-2017-8911 tnef: Integer underflow in unicode_to_utf8↗2017-05-16

▶

Bugzilla

CVE-2017-8911 tnef: Integer underflow in unicode_to_utf8 [fedora-all]↗2017-05-16

▶

Bugzilla

CVE-2017-8911 tnef: Integer underflow in unicode_to_utf8 [epel-all]↗2017-05-16

▶