Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/libytnef@1.9.3-1
purl pkg:deb/debian/libytnef@1.9.3-1
Next non-vulnerable version 1.9.3-3
Latest non-vulnerable version 1.9.3-3
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-4vcd-yfbf-2bew
Aliases:
CVE-2021-3404
Multiple vulnerabilities have been discovered in ytnef, the worst of which could potentially lead to remote code execution.
1.9.3-3
Affected by 0 other vulnerabilities.
VCID-4w5v-t22x-5khp
Aliases:
CVE-2021-3403
Multiple vulnerabilities have been discovered in ytnef, the worst of which could potentially lead to remote code execution.
1.9.3-3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (9)
Vulnerability Summary Aliases
VCID-21bd-whcr-ekgv In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. CVE-2017-12141
VCID-2zd4-eyeq-27dd In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. CVE-2017-9471
VCID-8esx-t2u5-e3hq The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file. CVE-2017-9146
VCID-efxj-4v6j-fbaa In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. CVE-2017-9474
VCID-nrgn-8ky2-pyec In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file. CVE-2017-12142
VCID-qkuz-r9a9-vqbx In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. CVE-2017-9472
VCID-sag4-mswc-hbg5 In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. CVE-2017-9473
VCID-uar8-sxnf-efhs In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file. CVE-2017-12144
VCID-ujwn-5uux-gygu In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. CVE-2017-9470

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T01:01:27.188783+00:00 Debian Oval Importer Affected by VCID-4w5v-t22x-5khp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-16T00:46:04.479443+00:00 Debian Oval Importer Fixing VCID-nrgn-8ky2-pyec https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-16T00:31:16.735591+00:00 Debian Oval Importer Fixing VCID-21bd-whcr-ekgv https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:42:27.011968+00:00 Debian Oval Importer Fixing VCID-qkuz-r9a9-vqbx https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:18:42.675176+00:00 Debian Oval Importer Fixing VCID-2zd4-eyeq-27dd https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T21:21:18.033933+00:00 Debian Oval Importer Fixing VCID-ujwn-5uux-gygu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T21:12:12.569110+00:00 Debian Oval Importer Fixing VCID-sag4-mswc-hbg5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:56:46.899216+00:00 Debian Oval Importer Fixing VCID-uar8-sxnf-efhs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:08:22.168770+00:00 Debian Oval Importer Fixing VCID-8esx-t2u5-e3hq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T18:42:02.122431+00:00 Debian Oval Importer Affected by VCID-4vcd-yfbf-2bew https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T15:33:25.247553+00:00 Debian Oval Importer Fixing VCID-efxj-4v6j-fbaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-12T00:33:36.998908+00:00 Debian Oval Importer Affected by VCID-4w5v-t22x-5khp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-12T00:18:38.302184+00:00 Debian Oval Importer Fixing VCID-nrgn-8ky2-pyec https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-12T00:04:34.004547+00:00 Debian Oval Importer Fixing VCID-21bd-whcr-ekgv https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T23:17:12.549152+00:00 Debian Oval Importer Fixing VCID-qkuz-r9a9-vqbx https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:54:20.566921+00:00 Debian Oval Importer Fixing VCID-2zd4-eyeq-27dd https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T21:00:51.373349+00:00 Debian Oval Importer Fixing VCID-ujwn-5uux-gygu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:52:03.527746+00:00 Debian Oval Importer Fixing VCID-sag4-mswc-hbg5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:37:09.184691+00:00 Debian Oval Importer Fixing VCID-uar8-sxnf-efhs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:52:08.181918+00:00 Debian Oval Importer Fixing VCID-8esx-t2u5-e3hq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:26:25.437222+00:00 Debian Oval Importer Affected by VCID-4vcd-yfbf-2bew https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:21:24.340828+00:00 Debian Oval Importer Fixing VCID-efxj-4v6j-fbaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-09T00:03:50.175969+00:00 Debian Oval Importer Affected by VCID-4w5v-t22x-5khp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T23:49:30.499057+00:00 Debian Oval Importer Fixing VCID-nrgn-8ky2-pyec https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T23:35:51.530079+00:00 Debian Oval Importer Fixing VCID-21bd-whcr-ekgv https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:50:39.434239+00:00 Debian Oval Importer Fixing VCID-qkuz-r9a9-vqbx https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:28:45.362004+00:00 Debian Oval Importer Fixing VCID-2zd4-eyeq-27dd https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T20:40:05.930330+00:00 Debian Oval Importer Fixing VCID-ujwn-5uux-gygu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T20:31:37.047269+00:00 Debian Oval Importer Fixing VCID-sag4-mswc-hbg5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T20:17:14.621841+00:00 Debian Oval Importer Fixing VCID-uar8-sxnf-efhs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:36:55.404737+00:00 Debian Oval Importer Fixing VCID-8esx-t2u5-e3hq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:12:15.939042+00:00 Debian Oval Importer Affected by VCID-4vcd-yfbf-2bew https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:16:03.867501+00:00 Debian Oval Importer Fixing VCID-efxj-4v6j-fbaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0