CVE-2017-6307

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-6307
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6307.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-6307
Downstream
Related
Published
2017-02-24T04:59:00Z
Modified
2025-10-15T09:02:54.187516Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapiattr.c:mapiattr_read(). These might lead to invalid read and write operations, controlled by an attacker.

References

Affected packages

Git / github.com/verdammelt/tnef

Affected ranges

Type
GIT
Repo
https://github.com/verdammelt/tnef
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1a17af1ed0c791aec44dbdc9eab91218cc1e335a

Affected versions

1.*

1.4.10
1.4.11
1.4.12

TNEF-1.*

TNEF-1.4.10
TNEF-1.4.11

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "331810224509785848595262136984167260140",
                "260962124637707873368913484303050040795",
                "141019743114053550504356423095494547089",
                "19364815697857148499323691621143556093",
                "57499698903805870635948258601093281470",
                "45004393790846653466737137423708067539",
                "176885340920489889989049669380019856010",
                "99386628911951047775383660862539188998",
                "173943463922568384106086338214791285594",
                "268077827556075707879214215960654627914",
                "14907159593144973976123842902063205786",
                "268684168776168329584259450879773126456",
                "219091945618742983414560302651495518848"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2017-6307-5b4e47d7",
        "target": {
            "file": "src/mapi_attr.c"
        }
    },
    {
        "source": "https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a",
        "deprecated": false,
        "digest": {
            "function_hash": "84843184331934401214275491645157137753",
            "length": 3935.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2017-6307-68e6f7f1",
        "target": {
            "file": "src/mapi_attr.c",
            "function": "mapi_attr_read"
        }
    }
]