CVE-2010-5109

Published: 5 May 2014

Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.

Notes

Author: jdstrand

Note:
this is a DoS only since the memory after the unterminated
comp_Prebuf.data is not actually accessed anywhere.
libytnef0 is only used by evolution on 10.04 LTS and later.
libytnef is linked in to modules/module-tnef-attachment.so from
libevolution on 12.10 and later.
plugins/liborg-gnome-tnef-attachments.so on 12.04 and earlier. This
is shipped in the evolution-plugins-experimental package, from universe
on 13.10+, PoC is recognized as TNEF file, but not all attachments
are shown (not security)
on 12.04, recognized as TNEF file, but not all attachments are shown
(not security)
on 11.10 and earlier, no crash (not security)

Priority

Low

Status

Package: libytnef (Launchpad, Ubuntu, Debian)

Release   Status
hardy     Ignored (end of life)
lucid     Ignored
oneiric   Ignored
precise   Ignored
quantal   Ignored
trusty    Does not exist (trusty was not-affected [1.5-6])
upstream  Released (1.5-5)