SB2017040612 - Fedora EPEL 6 update for tnef

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017040612

SB2017040612 - Fedora EPEL 6 update for tnef

Published: April 6, 2017 Updated: April 24, 2025

Security Bulletin ID SB2017040612
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2017-6307)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.


2) Integer overflow (CVE-ID: CVE-2017-6308)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.


3) Out-of-bounds read (CVE-ID: CVE-2017-6309)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.


4) Out-of-bounds read (CVE-ID: CVE-2017-6310)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.


Remediation

Install update from vendor's website.

References