Tnef · Tnef · CVE-2019-18849
**Name of the Vulnerable Software and Affected Versions**
tnef versions prior to 1.4.18
**Description**
The issue allows an attacker to potentially write to the victim's .ssh/authorized keys file via a crafted winmail.dat application/ms-tnef attachment in an email message. This is due to a heap-based buffer over-read involving the `strdup` function.
**Recommendations**
For versions prior to 1.4.18, update to version 1.4.18 or later to resolve the issue. As a temporary workaround, consider restricting the handling of winmail.dat attachments to minimize the risk of exploitation.