{"id":"CVE-2017-6308","details":"An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.","modified":"2026-04-16T06:25:54.143826337Z","published":"2017-02-24T04:59:00.607Z","references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201708-02"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3798"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/96427"},{"type":"FIX","url":"https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/"},{"type":"FIX","url":"https://github.com/verdammelt/tnef/blob/master/ChangeLog"},{"type":"FIX","url":"https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/verdammelt/tnef","events":[{"introduced":"0"},{"last_affected":"99c70157998ff5f3c3e0fd1669c7cffdaaa32048"},{"fixed":"c5044689e50039635e7700fe2472fd632ac77176"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.12"}]}}],"versions":["1.4.10","1.4.11","1.4.12","TNEF-1.4.10","TNEF-1.4.11"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:59:44Z","vanir_signatures":[{"digest":{"length":186,"function_hash":"80647781257308677194827960595707241758"},"target":{"function":"xmalloc","file":"src/alloc.c"},"signature_type":"Function","source":"https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176","deprecated":false,"signature_version":"v1","id":"CVE-2017-6308-1fff0ee7"},{"digest":{"length":105,"function_hash":"15783034786864080875998758959590555462"},"target":{"function":"checked_xmalloc","file":"src/alloc.c"},"signature_type":"Function","source":"https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176","deprecated":false,"signature_version":"v1","id":"CVE-2017-6308-290d50bb"},{"target":{"file":"src/alloc.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["74577793251357847951624012834623964796","259120006362788898557182968957901382749","317070988496673012423271087459144346727","340003733135942291058728836243182118711","283263435890988534721651437552159911026","148412461001017286518232540592127839838","84359124317468807169832239954705471085","24071807926824837838195659260730455448","13051942348720689694512385239541424909","223943871900041502463050589332055862139","12397076515527315894056347930382561746","60488618786239953357603483916665940263","104482875846109879957863968540076120196","87203807592121774978594943157398192512","245667685669930674280224660251811031842","66520851616452270523773474690296645926","289452570597396420023335271120362671879","221316349256514322157399797202874492245","248376248363180207165795018382301935421","326479304575496046329346530080473873827","147404952834887334425368163582429953071","212121869205416016212422569982659294284","147265908407649884497817004294199411165","67042311451755526750742529003178827899","192757025590116312852855986609378380415","32557233928427254309222658051834074695","81021220967241253566928732391747722941","3756671556585328775992682930143694069","27471218305565935940059512140591345026","166002946199526813694456530195961979320","138137239272367138212280141514087855849","51955851802909229003963951751894151703","319077333378547946215801557925080714142","291748529743512344086676569851897529071","199804614681014939756579503354116145175","234493078577190041803095131225480610467","83868460254598889211169859545503625753","238833775603457862769285407875718724835","145432519966601555334936527853284898860","277217241578896900931443731825823034371","159734786079734328005266570997115980067"]},"source":"https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176","deprecated":false,"signature_version":"v1","id":"CVE-2017-6308-3240275e"},{"signature_type":"Function","target":{"function":"xcalloc","file":"src/alloc.c"},"digest":{"length":167,"function_hash":"19178948986734914441039532671796522971"},"source":"https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176","deprecated":false,"signature_version":"v1","id":"CVE-2017-6308-8605cc83"},{"signature_type":"Function","target":{"function":"checked_xcalloc","file":"src/alloc.c"},"digest":{"length":139,"function_hash":"174993485115829299738227768633706098438"},"source":"https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176","deprecated":false,"signature_version":"v1","id":"CVE-2017-6308-bf2571d8"},{"target":{"file":"src/alloc.h"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["244622816174095439308529034456048912615","74185541062882661439639506366234940940","174781808204308383683905081764386418714","243874785623914192116501608322138046359","185188867826587436615390029024330879741","8818342805407866744885455388093838918","22222180561445748243407109619268237743","37748432485487720316492973097047514689","148567876325088602522738595995016931796","40797451203388452006725910471006851070"]},"source":"https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176","deprecated":false,"signature_version":"v1","id":"CVE-2017-6308-d0e7d33d"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6308.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}