In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.
{
"unresolved_ranges": [
{
"cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"source": "CPE_FIELD",
"extracted_events": [
{
"last_affected": "16.04"
}
]
},
{
"cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"source": "CPE_FIELD",
"extracted_events": [
{
"last_affected": "8.0"
}
]
},
{
"cpe": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"source": "CPE_FIELD",
"extracted_events": [
{
"last_affected": "30"
}
]
},
{
"cpe": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"source": "CPE_FIELD",
"extracted_events": [
{
"last_affected": "31"
}
]
}
]
}{
"cpe": "cpe:2.3:a:tnef_project:tnef:*:*:*:*:*:*:*:*",
"source": "CPE_FIELD",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.4.18"
}
]
}"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18849.json"
"2026-04-11T16:44:43Z"
[
{
"signature_type": "Function",
"id": "CVE-2019-18849-0c99bc39",
"signature_version": "v1",
"deprecated": false,
"digest": {
"function_hash": "197527520806726047393812687626000968189",
"length": 3966.0
},
"target": {
"file": "src/main.c",
"function": "parse_cmdline"
},
"source": "https://github.com/verdammelt/tnef/commit/8edd0e046736764c6decc8cd6e0e739438408f3e"
},
{
"signature_type": "Line",
"id": "CVE-2019-18849-586681cd",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"17390164876592905577376831902072063451",
"109240640345055473013296847978297599553",
"137785748995152623693204248295444430259",
"155667681579234382799527855881423726826"
],
"threshold": 0.9
},
"target": {
"file": "src/main.c"
},
"source": "https://github.com/verdammelt/tnef/commit/8edd0e046736764c6decc8cd6e0e739438408f3e"
}
]