Jasperlao

#17256 of 53,633
15.6 Total CVSS
Vulnerabilities · 2
High · 2

PT-2021-20372 · CVSS 7.8 · 2021-03-04
Ytnef · Ytnef · CVE-2021-3403
Name of the Vulnerable Software and Affected Versions: ytnef version 1.9.3
Description: The issue allows remote attackers to cause a denial of service and potentially execute code due to a double free in the `TNEFSubjectHandler` function, which can be triggered via a crafted file.
Recommendations: For ytnef version 1.9.3, consider disabling the `TNEFSubjectHandler` function in lib/ytnef.c as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2021-20373 · CVSS 7.8 · 2021-03-04
Ytnef · Ytnef · CVE-2021-3404
Name of the Vulnerable Software and Affected Versions: ytnef version 1.9.3
Description: The issue allows remote attackers to cause a denial of service and potentially execute code due to a heap buffer overflow. This can be triggered via a crafted file, specifically affecting the `SwapWord` function in lib/ytnef.c.
Recommendations: For ytnef version 1.9.3, consider disabling the `SwapWord` function in lib/ytnef.c as a temporary workaround until a patch is available. Restrict access to crafted files that could trigger the heap buffer overflow to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.