Every CVE whose affected-product data names Ytnef Project Ytnef, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (26)
CVE-2017-9058 — CVSS 9.8 (critical): In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in…
CVE-2017-9146 — CVSS 8.8 (high): The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory…
CVE-2021-3404 — CVSS 7.8 (high): In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution)…
CVE-2017-6298 — CVSS 7.8 (high): An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value…
CVE-2017-6300 — CVSS 7.8 (high): An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in…
CVE-2017-6301 — CVSS 7.8 (high): An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads."
CVE-2017-6302 — CVSS 7.8 (high): An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow."
CVE-2017-6303 — CVSS 7.8 (high): An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow."
CVE-2017-6304 — CVSS 7.8 (high): An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read."
CVE-2017-6305 — CVSS 7.8 (high): An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write."
CVE-2017-6306 — CVSS 7.8 (high): An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename…
CVE-2021-3403 — CVSS 7.8 (high): In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code…
CVE-2009-3721 — CVSS 7.8 (high): Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived…
CVE-2017-6802 — CVSS 7.5 (high): An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related…
CVE-2017-6801 — CVSS 7.5 (high): An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef.
CVE-2017-6800 — CVSS 7.5 (high): An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG…
CVE-2017-12142 — CVSS 5.5 (medium): In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a…
CVE-2017-12141 — CVSS 5.5 (medium): In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to…
CVE-2017-9470 — CVSS 5.5 (medium): In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and…
CVE-2017-9471 — CVSS 5.5 (medium): In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and…
CVE-2017-9472 — CVSS 5.5 (medium): In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and…
CVE-2017-9473 — CVSS 5.5 (medium): In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a…
CVE-2017-9474 — CVSS 5.5 (medium): In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read…
CVE-2017-12144 — CVSS 5.5 (medium): In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of…
CVE-2017-6299 — CVSS 5.5 (medium): An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi…