Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian LTS Advisory ([SECURITY] [DLA 878-1] libytnef security update)

Information

Severity

Severity

Medium

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

6.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

6 years ago

Modified

Modified

5 years ago

Summary

CVE-2017-6298 Null Pointer Deref / calloc return value not checked CVE-2017-6299 Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c CVE-2017-6300 Buffer Overflow in version field in lib/tnef-types.h CVE-2017-6301 Out of Bounds Reads CVE-2017-6302 Integer Overflow CVE-2017-6303 Invalid Write and Integer Overflow CVE-2017-6304 Out of Bounds read CVE-2017-6305 Out of Bounds read and write CVE-2017-6801 Out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef CVE-2017-6802 Heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef

Affected Software

Affected Software

libytnef on Debian Linux

Detection Method

Detection Method

This check tests the installed software version using the apt package manager.

Solution

Solution

For Debian 7 'Wheezy', these problems have been fixed in version 1.5-4+deb7u1. We recommend that you upgrade your libytnef packages.