{"id":"CVE-2017-6802","details":"An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef.","modified":"2026-04-02T00:14:07.421311Z","published":"2017-03-10T10:59:00.577Z","related":["MGASA-2017-0174"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3846"},{"type":"FIX","url":"https://github.com/Yeraze/ytnef/issues/34"},{"type":"FIX","url":"https://github.com/Yeraze/ytnef/commit/22f8346c8d4f0020a40d9f258fdb3bfc097359cc"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/yeraze/ytnef","events":[{"introduced":"0"},{"last_affected":"b36d6b25b7a546fc28d6c3812124e487987a4910"},{"fixed":"22f8346c8d4f0020a40d9f258fdb3bfc097359cc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.9.1"}]}}],"versions":["v1.7","v1.8","v1.9","v1.9.1"],"database_specific":{"vanir_signatures":[{"signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["339425726455946902531056660795926002318","282937161389154332084400666347938973863","323291244489537285362763602063071117358","79985221685550948486671060107385885610"]},"source":"https://github.com/yeraze/ytnef/commit/22f8346c8d4f0020a40d9f258fdb3bfc097359cc","target":{"file":"lib/ytnef.c"},"signature_version":"v1","id":"CVE-2017-6802-3e1461a9"},{"signature_type":"Function","deprecated":false,"digest":{"function_hash":"211186934015105063584045027752204152342","length":2160},"source":"https://github.com/yeraze/ytnef/commit/22f8346c8d4f0020a40d9f258fdb3bfc097359cc","target":{"function":"DecompressRTF","file":"lib/ytnef.c"},"signature_version":"v1","id":"CVE-2017-6802-4e85c428"}],"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6802.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}