Vulnerabilities > Ytnef Project > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-05-26 CVE-2009-3721 Path Traversal vulnerability in multiple products
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF.
6.8
2021-03-04 CVE-2021-3404 Out-of-bounds Write vulnerability in multiple products
In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.
6.8
2021-03-04 CVE-2021-3403 Double Free vulnerability in multiple products
In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
6.8
2017-08-02 CVE-2017-12144 Allocation of Resources Without Limits or Throttling vulnerability in Ytnef Project Ytnef 1.9.2
In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
local
low complexity
ytnef-project CWE-770
5.5
2017-08-02 CVE-2017-12142 Out-of-bounds Read vulnerability in Ytnef Project Ytnef 1.9.2
In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
local
low complexity
ytnef-project CWE-125
5.5
2017-08-02 CVE-2017-12141 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ytnef Project Ytnef 1.9.2
In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
local
low complexity
ytnef-project CWE-119
5.5
2017-06-07 CVE-2017-9474 Out-of-bounds Read vulnerability in Ytnef Project Ytnef 1.9.2
In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
local
low complexity
ytnef-project CWE-125
5.5
2017-06-07 CVE-2017-9473 In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
local
low complexity
ytnef-project canonical
5.5
2017-06-07 CVE-2017-9472 Out-of-bounds Read vulnerability in Ytnef Project Ytnef 1.9.2
In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
local
low complexity
ytnef-project CWE-125
5.5
2017-06-07 CVE-2017-9471 Out-of-bounds Read vulnerability in multiple products
In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
local
low complexity
ytnef-project canonical CWE-125
5.5