Vulnerabilities (CVE)

Filtered by vendor Tnef Project Subscribe
Filtered by product Tnef
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-18849 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.
CVE-2017-8911 1 Tnef Project 1 Tnef 2024-11-21 7.5 HIGH 9.8 CRITICAL
An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.
CVE-2017-6310 2 Debian, Tnef Project 2 Debian Linux, Tnef 2024-11-21 6.8 MEDIUM 7.8 HIGH
An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.
CVE-2017-6309 2 Debian, Tnef Project 2 Debian Linux, Tnef 2024-11-21 6.8 MEDIUM 7.8 HIGH
An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.
CVE-2017-6308 2 Debian, Tnef Project 2 Debian Linux, Tnef 2024-11-21 6.8 MEDIUM 7.8 HIGH
An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.
CVE-2017-6307 2 Debian, Tnef Project 2 Debian Linux, Tnef 2024-11-21 6.8 MEDIUM 7.8 HIGH
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.