USN-4615-1
- Source
- https://ubuntu.com/security/notices/USN-4615-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4615-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-4615-1
- Upstream
- Related
- Published
- 2020-11-03T16:12:24.631352Z
- Modified
- 2025-10-13T04:35:16Z
- Summary
- libytnef vulnerabilities
- Details
-
It was discovered that Yerase's TNEF had null pointer dereferences, infinite loop, buffer overflow, out of bounds reads, directory traversal issues and other vulnerabilities. An attacker could use those issues to cause a crash and consequently a denial of service. (CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305, CVE-2017-6306, CVE-2017-6800, CVE-2017-6801, CVE-2017-6802)
- References
-
- https://ubuntu.com/security/notices/USN-4615-1
- https://ubuntu.com/security/CVE-2017-6298
- https://ubuntu.com/security/CVE-2017-6299
- https://ubuntu.com/security/CVE-2017-6300
- https://ubuntu.com/security/CVE-2017-6301
- https://ubuntu.com/security/CVE-2017-6302
- https://ubuntu.com/security/CVE-2017-6303
- https://ubuntu.com/security/CVE-2017-6304
- https://ubuntu.com/security/CVE-2017-6305
- https://ubuntu.com/security/CVE-2017-6306
- https://ubuntu.com/security/CVE-2017-6800
- https://ubuntu.com/security/CVE-2017-6801
- https://ubuntu.com/security/CVE-2017-6802
Affected packages
Ubuntu:16.04:LTS / libytnef
Package
- Name
- libytnef
- Purl
- pkg:deb/ubuntu/libytnef@1.5-9ubuntu0.1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.5-9ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libytnef0",
"binary_version": "1.5-9ubuntu0.1"
},
{
"binary_name": "libytnef0-dev",
"binary_version": "1.5-9ubuntu0.1"
}
]
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4615-1.json"
cves_map
{
"ecosystem": "Ubuntu:16.04:LTS",
"cves": [
{
"id": "CVE-2017-6298",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2017-6299",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2017-6300",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2017-6301",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2017-6302",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2017-6303",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2017-6304",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "low"
}
]
},
{
"id": "CVE-2017-6305",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2017-6306",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2017-6800",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2017-6801",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
},
{
"id": "CVE-2017-6802",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
]
}