Vulnerability Details CVE-2017-6307
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- http://www.debian.org/security/2017/dsa-3798
- http://www.securityfocus.com/bid/96427
- https://github.com/verdammelt/tnef/blob/master/ChangeLog
- https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a
- https://security.gentoo.org/glsa/201708-02
- https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
- http://www.debian.org/security/2017/dsa-3798
- http://www.securityfocus.com/bid/96427
- https://github.com/verdammelt/tnef/blob/master/ChangeLog
- https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a
- https://security.gentoo.org/glsa/201708-02
- https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
Products affected by CVE-2017-6307
-
cpe:2.3:a:tnef_project:tnef:1.4.10
-
cpe:2.3:a:tnef_project:tnef:1.4.11
-
cpe:2.3:a:tnef_project:tnef:1.4.12
-
cpe:2.3:o:debian:debian_linux:8.0