Shodan
Vulnerabilities
Vulnerable Software
Ytnef Project:  >> Ytnef  >> 1.9.2  Security Vulnerabilities
CVE-2009-3721
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.
CVSS Score
7.8
EPSS Score
0.008
Published
2021-05-26
CVE-2009-3887
ytnef has directory traversal
CVSS Score
9.8
EPSS Score
0.004
Published
2019-10-29
CVE-2017-12141
In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-08-02
CVE-2017-12142
In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-08-02
CVE-2017-12144
In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-08-02
CVE-2017-9470
In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-06-07
CVE-2017-9471
In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-06-07
CVE-2017-9472
In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-06-07
CVE-2017-9473
In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-06-07
CVE-2017-9474
In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-06-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved