{"id":"CVE-2019-18849","details":"In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.","modified":"2026-04-16T00:09:56.594580952Z","published":"2019-11-11T04:15:10.530Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"16.04"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"extracted_events":[{"last_affected":"8.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"30"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"31"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00035.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00025.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4524-1/"},{"type":"FIX","url":"https://github.com/verdammelt/tnef/compare/1.4.17...1.4.18"},{"type":"FIX","url":"https://github.com/verdammelt/tnef/pull/40"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/verdammelt/tnef","events":[{"introduced":"0"},{"fixed":"8edd0e046736764c6decc8cd6e0e739438408f3e"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.4.18"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:tnef_project:tnef:*:*:*:*:*:*:*:*"}}],"versions":["1.4.10","1.4.11","1.4.12","1.4.14","1.4.15","1.4.16","1.4.17","TNEF-1.4.10","TNEF-1.4.11"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","id":"CVE-2019-18849-0c99bc39","digest":{"length":3966,"function_hash":"197527520806726047393812687626000968189"},"deprecated":false,"source":"https://github.com/verdammelt/tnef/commit/8edd0e046736764c6decc8cd6e0e739438408f3e","signature_type":"Function","target":{"function":"parse_cmdline","file":"src/main.c"}},{"signature_version":"v1","id":"CVE-2019-18849-586681cd","digest":{"line_hashes":["17390164876592905577376831902072063451","109240640345055473013296847978297599553","137785748995152623693204248295444430259","155667681579234382799527855881423726826"],"threshold":0.9},"deprecated":false,"source":"https://github.com/verdammelt/tnef/commit/8edd0e046736764c6decc8cd6e0e739438408f3e","signature_type":"Line","target":{"file":"src/main.c"}}],"vanir_signatures_modified":"2026-04-11T16:44:43Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18849.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}