CVE-2017-6309

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-6309
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6309.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-6309
Downstream
Related
Published
2017-02-24T04:59:00Z
Modified
2025-10-15T09:02:54.565566Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.

References

Affected packages

Git / github.com/verdammelt/tnef

Affected ranges

Type
GIT
Repo
https://github.com/verdammelt/tnef
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8dccf79857ceeb7a6d3e42c1e762e7b865d5344d

Affected versions

1.*

1.4.10
1.4.11
1.4.12

TNEF-1.*

TNEF-1.4.10
TNEF-1.4.11

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "target": {
            "file": "src/tnef.c"
        },
        "source": "https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "198026675381378598136918978559635950715",
                "197883137458325931566429736762297798740",
                "55569942874643385056030519403425481236",
                "315820125707022736023271826673519098703",
                "184317996038389850484672192953773378205",
                "185285453203974010001543747009674356702",
                "80138880471179500448504686847742226734",
                "118583104950737412050101628815895397609",
                "159019980136055312002084872532628473077",
                "335174517789474268564351573248308841282",
                "196739265562039891779507603759542927473",
                "145465205284422879697832471009261215398",
                "266273557503046323279278437259720171094",
                "162230972970127941688280272217823109658",
                "198924396823051808120438216530619477695",
                "245336452210896202368680760890556705875"
            ]
        },
        "deprecated": false,
        "id": "CVE-2017-6309-41fb9249",
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "target": {
            "function": "get_html_data",
            "file": "src/tnef.c"
        },
        "source": "https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d",
        "digest": {
            "length": 477.0,
            "function_hash": "319602346909933704118455433288689047607"
        },
        "deprecated": false,
        "id": "CVE-2017-6309-72677e04",
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "target": {
            "function": "parse_file",
            "file": "src/tnef.c"
        },
        "source": "https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d",
        "digest": {
            "length": 2259.0,
            "function_hash": "310883956494664830628554080819429850455"
        },
        "deprecated": false,
        "id": "CVE-2017-6309-8620f38b",
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "target": {
            "file": "src/file.c"
        },
        "source": "https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "138151071769226433556075413545005393756",
                "277135416163209951123219148322374609393",
                "126412037363254035877338532476883334812",
                "331374001695761126880190164601914750198",
                "99585233513506211196752181403776154016",
                "314080117118958604106246441226585877142",
                "172483809180712672819741677129296806873",
                "77889792418256651879989494878836407546",
                "213532925311297395984295287185050104659",
                "61778962349337913486931847971946079889",
                "121809170507165259310226444774030796799",
                "101885054850481646565370498312837885335",
                "36113953897462618777792659918891145030",
                "52095504080876854231110348601564875882",
                "157692707517904794838219806960429053206",
                "213513085965865402180640687198932305285",
                "96058814765431795254970051666436839601"
            ]
        },
        "deprecated": false,
        "id": "CVE-2017-6309-878b188d",
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "target": {
            "function": "file_add_mapi_attrs",
            "file": "src/file.c"
        },
        "source": "https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d",
        "digest": {
            "length": 1190.0,
            "function_hash": "256870819728380308798399002191052231"
        },
        "deprecated": false,
        "id": "CVE-2017-6309-bc847a50",
        "signature_type": "Function"
    }
]