MGASA-2017-0174

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0174.html

Import Source

https://advisories.mageia.org/MGASA-2017-0174.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2017-0174

Related

Published

2017-06-14T15:52:21Z

Modified

2017-06-14T15:38:14Z

Summary

Updated libytnef packages fix security vulnerabilities

Details

Several issues were discovered in libytnef, a library used to decode application/ms-tnef e-mail attachments. Multiple heap overflows, out-of-bound writes and reads, NULL pointer dereferences and infinite loops could be exploited by tricking a user into opening a maliciously crafted winmail.dat file (CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305, CVE-2017-6306, CVE-2017-6800, CVE-2017-6801, CVE-2017-6802).

A heap-buffer-overflow vulnerability in libytnef due to an incorrect boundary checking in SIZECHCK macro in lib/ytnef.c (CVE-2017-9058).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2017-0174

Affected packages