DSA-3798-1 tnef -- tnefID: oval:org.secpod.oval:def:602788 | Date: (C)2017-03-02 (M)2023-04-19 |
Class: PATCH | Family: unix |
Eric Sesterhenn, from X41 D-Sec GmbH, discovered several vulnerabilities in tnef, a tool used to unpack MIME attachments of type "application/ms-tnef". Multiple heap overflows, type confusions and out of bound reads and writes could be exploited by tricking a user into opening a malicious attachment. This would result in denial of service via application crash, or potential arbitrary code execution.