CVE-2010-5109
Publication date 5 May 2014
Last updated 24 July 2024
Ubuntu priority
Description
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| libytnef | 14.04 LTS trusty | Not in release |
Notes
jdstrand
this is a DoS only since the memory after the unterminated comp_Prebuf.data is not actually access anywhere. libytnef0 is only used by evolution on 10.04 LTS and later. libytnef is linked in to modules/module-tnef-attachment.so from libevolution on 12.10 and later. plugins/liborg-gnome-tnef-attachments.so on 12.04 and earlier. This is shipped in the evolution-plugins-experimental package, from universe on 13.10+, PoC is recognized as TNEF file, but not all attachments are shown (not security) on 12.04, recognized as TNEF file, but not all attachments are shown (not security) on 11.10 and earlier, no crash (not security)
References
Other references
- http://www.openwall.com/lists/oss-security/2013/04/11/1
- http://sourceforge.net/p/ytnef/bugs/13/
- http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083853.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083804.html
- https://www.cve.org/CVERecord?id=CVE-2010-5109