Description
An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.
References (6)
Core 6
Core References
Patch, Release Notes, Third Party Advisory x_refsource_misc
https://github.com/verdammelt/tnef/blob/master/ChangeLog
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/96427
Patch, Third Party Advisory x_refsource_misc
https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3798
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201708-02
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d
Scores
CVSS v3
7.8
EPSS
0.0044
EPSS Percentile
63.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-125
CWE-787
Status
published
Products (2)
debian/debian_linux
8.0
tnef_project/tnef
< 1.4.12
Published
Feb 24, 2017
Tracked Since
Feb 18, 2026