📦

ytnef

Vendor: ytnef_project

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 0 Code Available
Total RCEs 2 Remote Access
Total CVEs 378 Total Indexed
Avg. EPSS 0.45% Exploit Prob.
Latest CVE CVE-2009-3721 May 26

Security Vulnerability Index

Page 1 / 38
7.8 CVSS
CVE-2009-3721
RCE

Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.

EPSS: 0.29%
7.8 CVSS
CVE-2021-3404
RCE

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.

EPSS: 2.36%
7.8 CVSS
CVE-2021-3403

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.

EPSS: 1.02%
9.8 CVSS
CVE-2009-3887

ytnef has directory traversal

EPSS: 0.33%
5.5 CVSS
CVE-2017-12144

In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

EPSS: 0.33%
5.5 CVSS
CVE-2017-12142

In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

EPSS: 0.16%
5.5 CVSS
CVE-2017-12141

In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.

EPSS: 0.17%
5.5 CVSS
CVE-2017-9474

In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

EPSS: 0.20%
5.5 CVSS
CVE-2017-9473

In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.

EPSS: 0.26%
5.5 CVSS
CVE-2017-9472

In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

EPSS: 0.20%