Tnef Project: >> Tnef >> 1.4.14 Security Vulnerabilities
In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.
CVSS Score
5.5
EPSS Score
0.008
Published
2019-11-11
An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-05-12