CVE-2017-6307

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-6307
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6307.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-6307
Downstream
Related
Published
2017-02-24T04:59:00Z
Modified
2025-09-19T09:04:43.932559Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapiattr.c:mapiattr_read(). These might lead to invalid read and write operations, controlled by an attacker.

References

Affected packages

Git / github.com/verdammelt/tnef

Affected ranges

Type
GIT
Repo
https://github.com/verdammelt/tnef
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1a17af1ed0c791aec44dbdc9eab91218cc1e335a

Affected versions

1.*

1.4.10
1.4.11
1.4.12

TNEF-1.*

TNEF-1.4.10
TNEF-1.4.11

Database specific 

{
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "target": {
                "file": "src/mapi_attr.c"
            },
            "source": "https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a",
            "id": "CVE-2017-6307-5b4e47d7",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "331810224509785848595262136984167260140",
                    "260962124637707873368913484303050040795",
                    "141019743114053550504356423095494547089",
                    "19364815697857148499323691621143556093",
                    "57499698903805870635948258601093281470",
                    "45004393790846653466737137423708067539",
                    "176885340920489889989049669380019856010",
                    "99386628911951047775383660862539188998",
                    "173943463922568384106086338214791285594",
                    "268077827556075707879214215960654627914",
                    "14907159593144973976123842902063205786",
                    "268684168776168329584259450879773126456",
                    "219091945618742983414560302651495518848"
                ],
                "threshold": 0.9
            }
        },
        {
            "signature_type": "Function",
            "target": {
                "function": "mapi_attr_read",
                "file": "src/mapi_attr.c"
            },
            "source": "https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a",
            "id": "CVE-2017-6307-68e6f7f1",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "function_hash": "84843184331934401214275491645157137753",
                "length": 3935.0
            }
        }
    ]
}