{"id":"CVE-2017-6310","details":"An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.","modified":"2026-04-16T01:46:52.266045078Z","published":"2017-02-24T04:59:00.670Z","references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3798"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/96427"},{"type":"ADVISORY","url":"https://github.com/verdammelt/tnef/blob/master/ChangeLog"},{"type":"ADVISORY","url":"https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201708-02"},{"type":"ADVISORY","url":"https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/"},{"type":"REPORT","url":"https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d"},{"type":"FIX","url":"https://github.com/verdammelt/tnef/blob/master/ChangeLog"},{"type":"FIX","url":"https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d"},{"type":"FIX","url":"https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/verdammelt/tnef","events":[{"introduced":"0"},{"fixed":"8dccf79857ceeb7a6d3e42c1e762e7b865d5344d"}]}],"versions":["1.4.10","1.4.11","1.4.12","TNEF-1.4.10","TNEF-1.4.11"],"database_specific":{"vanir_signatures":[{"id":"CVE-2017-6310-41fb9249","signature_version":"v1","target":{"file":"src/tnef.c"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["198026675381378598136918978559635950715","197883137458325931566429736762297798740","55569942874643385056030519403425481236","315820125707022736023271826673519098703","184317996038389850484672192953773378205","185285453203974010001543747009674356702","80138880471179500448504686847742226734","118583104950737412050101628815895397609","159019980136055312002084872532628473077","335174517789474268564351573248308841282","196739265562039891779507603759542927473","145465205284422879697832471009261215398","266273557503046323279278437259720171094","162230972970127941688280272217823109658","198924396823051808120438216530619477695","245336452210896202368680760890556705875"]},"signature_type":"Line","source":"https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d"},{"id":"CVE-2017-6310-72677e04","signature_version":"v1","deprecated":false,"target":{"function":"get_html_data","file":"src/tnef.c"},"digest":{"function_hash":"319602346909933704118455433288689047607","length":477},"signature_type":"Function","source":"https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d"},{"id":"CVE-2017-6310-8620f38b","signature_version":"v1","deprecated":false,"target":{"function":"parse_file","file":"src/tnef.c"},"digest":{"function_hash":"310883956494664830628554080819429850455","length":2259},"signature_type":"Function","source":"https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d"},{"id":"CVE-2017-6310-878b188d","signature_version":"v1","deprecated":false,"target":{"file":"src/file.c"},"digest":{"threshold":0.9,"line_hashes":["138151071769226433556075413545005393756","277135416163209951123219148322374609393","126412037363254035877338532476883334812","331374001695761126880190164601914750198","99585233513506211196752181403776154016","314080117118958604106246441226585877142","172483809180712672819741677129296806873","77889792418256651879989494878836407546","213532925311297395984295287185050104659","61778962349337913486931847971946079889","121809170507165259310226444774030796799","101885054850481646565370498312837885335","36113953897462618777792659918891145030","52095504080876854231110348601564875882","157692707517904794838219806960429053206","213513085965865402180640687198932305285","96058814765431795254970051666436839601"]},"signature_type":"Line","source":"https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d"},{"id":"CVE-2017-6310-bc847a50","signature_version":"v1","target":{"function":"file_add_mapi_attrs","file":"src/file.c"},"signature_type":"Function","digest":{"function_hash":"256870819728380308798399002191052231","length":1190},"deprecated":false,"source":"https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6310.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}