CVE-2017-6308
HIGHtnef < 1.4.13 - Integer Overflow and Heap Overflow via Memory Allocation Wrapper
Title source: llmDescription
An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.
References (6)
Core 6
Core References
Patch, Release Notes, Third Party Advisory x_refsource_misc
https://github.com/verdammelt/tnef/blob/master/ChangeLog
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96427
Patch, Third Party Advisory x_refsource_misc
https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3798
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201708-02
Scores
CVSS v3
7.8
EPSS
0.0154
EPSS Percentile
71.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (2)
debian/debian_linux
8.0
tnef_project/tnef
< 1.4.12
Published
Feb 24, 2017
Tracked Since
Feb 18, 2026