{"id":"MGASA-2022-0316","summary":"Updated ytnef packages fix security vulnerability","details":"In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows\nremote attackers to cause a denial-of-service (and potentially code\nexecution) due to a double free which can be triggered via a crafted file.\n(CVE-2021-3403)\nIn ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote\nattackers to cause a denial-of-service (and potentially code execution)\ndue to a heap buffer overflow which can be triggered via a crafted file.\n(CVE-2021-3404)\n","modified":"2026-04-16T00:11:37.508066495Z","published":"2022-09-02T19:59:37Z","upstream":["CVE-2021-3403","CVE-2021-3404"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0316.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30735"},{"type":"WEB","url":"https://github.com/Yeraze/ytnef/releases"}],"affected":[{"package":{"name":"ytnef","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/ytnef?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0316.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}