{"id":"MGASA-2017-0083","summary":"Updated tnef packages fix security vulnerability","details":"An issue was discovered in tnef before 1.4.13. Two OOB Writes have been\nidentified in src/mapi_attr.c:mapi_attr_read(). These might lead to\ninvalid read and write operations, controlled by an attacker.\n(CVE-2017-6307)\n\nAn issue was discovered in tnef before 1.4.13. Several Integer Overflows,\nwhich can lead to Heap Overflows, have been identified in the functions\nthat wrap memory allocation. (CVE-2017-6308)\n\nAn issue was discovered in tnef before 1.4.13. Two type confusions have\nbeen identified in the parse_file() function. These might lead to invalid\nread and write operations, controlled by an attacker. (CVE-2017-6309)\n\nAn issue was discovered in tnef before 1.4.13. Four type confusions have\nbeen identified in the file_add_mapi_attrs() function. These might lead to\ninvalid read and write operations, controlled by an attacker.\n(CVE-2017-6310)\n","modified":"2026-04-16T01:46:21.735981936Z","published":"2017-03-25T16:56:41Z","upstream":["CVE-2017-6307","CVE-2017-6308","CVE-2017-6309","CVE-2017-6310"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0083.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20343"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2017/02/23/17"},{"type":"WEB","url":"https://www.debian.org/security/2017/dsa-3798"}],"affected":[{"package":{"name":"tnef","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/tnef?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.9-4.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0083.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}