CVE-2017-9146Improper Restriction of Operations within the Bounds of a Memory Buffer in Libytnef

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds Read9 documents7 sources
Severity
8.8HIGHNVD
OSV5.5
EPSS
0.6%
top 30.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian LibytnefYtnef Project Ytnef
Timeline
PublishedMay 22
Latest updateMay 14

Description

The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

debiandebian/libytnef< libytnef 1.9.3-1 (bookworm)

🔴Vulnerability Details

3
GHSA
GHSA-798c-jx77-ccgp: The TNEFFillMapi function in lib/ytnef2022-05-14
OSV
libytnef vulnerabilities2018-05-31
OSV
CVE-2017-9146: The TNEFFillMapi function in lib/ytnef2017-05-22

📋Vendor Advisories

3
Ubuntu
libytnef vulnerabilities2018-05-31
Red Hat
exiv2: out-of-bounds read in Exiv2::IptcData::printStructure in image.cpp2018-03-28
Debian
CVE-2017-9146: libytnef - The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does...2017

💬Community

2
Bugzilla
CVE-2018-9146 exiv2: out-of-bounds read in Exiv2::IptcData::printStructure in image.cpp2018-04-05
Bugzilla
CVE-2017-6800 CVE-2017-6801 CVE-2017-6802 CVE-2017-9058 CVE-2017-9146 ytnef: Multiple vulnerabilities fixed in 1.9.2 version2017-03-13