Shodan
Vulnerabilities
Vulnerable Software
Ytnef Project:  >> Ytnef  Security Vulnerabilities
CVE-2009-3721
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.
CVSS Score
7.8
EPSS Score
0.008
Published
2021-05-26
CVE-2021-3403
In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
CVSS Score
7.8
EPSS Score
0.008
Published
2021-03-04
CVE-2021-3404
In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.
CVSS Score
7.8
EPSS Score
0.021
Published
2021-03-04
CVE-2009-3887
ytnef has directory traversal
CVSS Score
9.8
EPSS Score
0.004
Published
2019-10-29
CVE-2017-12141
In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-08-02
CVE-2017-12142
In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-08-02
CVE-2017-12144
In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-08-02
CVE-2017-9470
In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-06-07
CVE-2017-9471
In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-06-07
CVE-2017-9472
In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-06-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved