CVE-2017-9146

Name of the Vulnerable Software and Affected Versions libytnef versions prior to 1.9.3 libytnef version 1.9.2 and earlier

Description The issue is related to the TNEFFillMapi function in lib/ytnef.c, which does not ensure a nonzero count value before a certain memory allocation. This allows remote attackers to cause a denial of service, resulting in a heap-based buffer overflow and application crash, or possibly have other unspecified impacts via a crafted tnef file.

Recommendations For libytnef versions prior to 1.9.3, update to version 1.9.3 or later to resolve the issue. For libytnef version 1.9.2 and earlier, update to version 1.9.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the TNEFFillMapi function in lib/ytnef.c until a patch is available.