CVE-2009-3721

7.8HIGH

Key Information:

Vendor: Gnome
Status: Ytnef
Vendor: CVE Published:; 26 May 2021

Summary

Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.

Affected Version(s)

ytnef ytnef 2.8

References

https://bugzilla.redhat.com/show_bug.cgi?id=521662

x_refsource_MISC

http://www.ocert.org/advisories/ocert-2009-013.html

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 26, 2021
Vulnerability Reserved
Oct 16, 2009