CVE-2017-6308

NameCVE-2017-6308
DescriptionAn issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-839-1, DSA-3798-1
NVD severitymedium (attack range: remote)
Debian Bugs856117

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tnef (PTS)wheezy1.4.9-1vulnerable
wheezy (security)1.4.9-1+deb7u3fixed
jessie (security), jessie1.4.9-1+deb8u3fixed
buster, sid, stretch1.4.12-1.2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tnefsource(unstable)1.4.12-1.1medium856117
tnefsourcejessie1.4.9-1+deb8u1mediumDSA-3798-1
tnefsourcewheezy1.4.9-1+deb7u1mediumDLA-839-1

Notes

https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
Fixed by: https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176

Search for package or bug name: Reporting problems