{"id":"MGASA-2017-0174","summary":"Updated libytnef packages fix security vulnerabilities","details":"Several issues were discovered in libytnef, a library used to decode\napplication/ms-tnef e-mail attachments. Multiple heap overflows,\nout-of-bound writes and reads, NULL pointer dereferences and infinite\nloops could be exploited by tricking a user into opening a maliciously\ncrafted winmail.dat file (CVE-2017-6298, CVE-2017-6299, CVE-2017-6300,\nCVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304,\nCVE-2017-6305, CVE-2017-6306, CVE-2017-6800, CVE-2017-6801,\nCVE-2017-6802).\n\nA heap-buffer-overflow vulnerability in libytnef due to an incorrect\nboundary checking in SIZECHCK macro in lib/ytnef.c (CVE-2017-9058).\n","modified":"2026-04-16T06:26:12.282736923Z","published":"2017-06-14T15:52:21Z","upstream":["CVE-2017-6298","CVE-2017-6299","CVE-2017-6300","CVE-2017-6301","CVE-2017-6302","CVE-2017-6303","CVE-2017-6304","CVE-2017-6305","CVE-2017-6306","CVE-2017-6800","CVE-2017-6801","CVE-2017-6802","CVE-2017-9058"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0174.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20893"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2017/02/15/4"},{"type":"WEB","url":"https://www.debian.org/security/2017/dsa-3846"},{"type":"REPORT","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862556"}],"affected":[{"package":{"name":"libytnef","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libytnef?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5-10.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0174.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}