CVE-2017-9058Out-of-bounds Read in Libytnef

CWE-125Out-of-bounds Read7 documents6 sources
Severity
9.8CRITICALNVD
OSV5.5
EPSS
0.4%
top 40.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian LibytnefYtnef Project YtnefCanonical Ubuntu Linux
Timeline
PublishedMay 18
Latest updateMay 13

Description

In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

debiandebian/libytnef< libytnef 1.9.2-2 (bookworm)

Also affects: Ubuntu Linux 14.04

Patches

Patch: bugs.debian.orgPatch: bugs.debian.org

🔴Vulnerability Details

3
GHSA
GHSA-4g85-cv2v-x664: In libytnef in ytnef through 12022-05-13
OSV
libytnef vulnerabilities2018-05-31
OSV
CVE-2017-9058: In libytnef in ytnef through 12017-05-18

📋Vendor Advisories

2
Ubuntu
libytnef vulnerabilities2018-05-31
Debian
CVE-2017-9058: libytnef - In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due t...2017

💬Community

1
Bugzilla
CVE-2017-6800 CVE-2017-6801 CVE-2017-6802 CVE-2017-9058 CVE-2017-9146 ytnef: Multiple vulnerabilities fixed in 1.9.2 version2017-03-13