Directory Traversal and Buffer Overflow in yTNEF and Evolution TNEF Parser
CVE-2009-3721

7.8HIGH

Key Information:

Vendor: Gnome
Status: Ytnef
Vendor: CVE Published:; 26 May 2021

What is CVE-2009-3721?

Multiple vulnerabilities were discovered in yTNEF and the Evolution TNEF parser, which could allow attackers to exploit crafted emails. These vulnerabilities can lead to directory traversal and buffer overflow attacks, enabling unauthorized data writing on the filesystem, potential application crashes, or even execution of arbitrary code when processing email attachments.

Affected Version(s)

ytnef ytnef 2.8

References

https://bugzilla.redhat.com/show_bug.cgi?id=521662

x_refsource_MISC

http://www.ocert.org/advisories/ocert-2009-013.html

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2021
Vulnerability Reserved
Oct 16, 2009

Gnome

What is CVE-2009-3721?

Affected Version(s)

References

CVSS V3.1

Timeline