{"url":"http://public2.vulnerablecode.io/api/packages/5728?format=json","purl":"pkg:deb/debian/libytnef@1.5-1","type":"deb","namespace":"debian","name":"libytnef","version":"1.5-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.9.3-3","latest_non_vulnerable_version":"1.9.3-3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78098?format=json","vulnerability_id":"VCID-1jh9-jwyd-6khu","summary":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"6 of 9. Invalid Write and Integer Overflow.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6303","reference_id":"","reference_type":"","scores":[{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56242","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56298","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56304","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56291","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56275","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56294","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802"},{"reference_url":"https://usn.ubuntu.com/3288-1/","reference_id":"USN-3288-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3288-1/"},{"reference_url":"https://usn.ubuntu.com/4615-1/","reference_id":"USN-4615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4615-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5732?format=json","purl":"pkg:deb/debian/libytnef@1.5-6%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-6%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5733?format=json","purl":"pkg:deb/debian/libytnef@1.9.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.2-2"}],"aliases":["CVE-2017-6303"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1jh9-jwyd-6khu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78101?format=json","vulnerability_id":"VCID-1n63-1mau-huc4","summary":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6306","reference_id":"","reference_type":"","scores":[{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64949","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64992","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.65002","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.6499","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64978","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64996","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802"},{"reference_url":"https://usn.ubuntu.com/3288-1/","reference_id":"USN-3288-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3288-1/"},{"reference_url":"https://usn.ubuntu.com/4615-1/","reference_id":"USN-4615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4615-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5732?format=json","purl":"pkg:deb/debian/libytnef@1.5-6%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-6%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5733?format=json","purl":"pkg:deb/debian/libytnef@1.9.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.2-2"}],"aliases":["CVE-2017-6306"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1n63-1mau-huc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78094?format=json","vulnerability_id":"VCID-1uz6-pfzn-yqhr","summary":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6299","reference_id":"","reference_type":"","scores":[{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57881","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57933","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57941","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.5793","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57918","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57934","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802"},{"reference_url":"https://usn.ubuntu.com/3288-1/","reference_id":"USN-3288-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3288-1/"},{"reference_url":"https://usn.ubuntu.com/4615-1/","reference_id":"USN-4615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4615-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5732?format=json","purl":"pkg:deb/debian/libytnef@1.5-6%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-6%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5733?format=json","purl":"pkg:deb/debian/libytnef@1.9.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.2-2"}],"aliases":["CVE-2017-6299"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1uz6-pfzn-yqhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78099?format=json","vulnerability_id":"VCID-23ss-tyey-5kb4","summary":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"7 of 9. Out of Bounds read.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6304","reference_id":"","reference_type":"","scores":[{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58482","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58529","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58538","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.5853","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58516","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58531","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802"},{"reference_url":"https://usn.ubuntu.com/3288-1/","reference_id":"USN-3288-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3288-1/"},{"reference_url":"https://usn.ubuntu.com/4615-1/","reference_id":"USN-4615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4615-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5732?format=json","purl":"pkg:deb/debian/libytnef@1.5-6%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-6%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5733?format=json","purl":"pkg:deb/debian/libytnef@1.9.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.2-2"}],"aliases":["CVE-2017-6304"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23ss-tyey-5kb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78091?format=json","vulnerability_id":"VCID-4uam-1xf3-j7h4","summary":"In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12144","reference_id":"","reference_type":"","scores":[{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56153","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56208","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56214","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56201","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56184","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56204","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12144"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870817","reference_id":"870817","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870817"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517019?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-scum-8cdj-rfez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1"}],"aliases":["CVE-2017-12144"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4uam-1xf3-j7h4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78112?format=json","vulnerability_id":"VCID-5tnx-uqxf-6kdt","summary":"In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3404","reference_id":"","reference_type":"","scores":[{"value":"0.02358","scoring_system":"epss","scoring_elements":"0.85242","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02358","scoring_system":"epss","scoring_elements":"0.85212","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02358","scoring_system":"epss","scoring_elements":"0.85237","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02358","scoring_system":"epss","scoring_elements":"0.85238","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02358","scoring_system":"epss","scoring_elements":"0.85236","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02358","scoring_system":"epss","scoring_elements":"0.85224","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3404"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982596","reference_id":"982596","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982596"},{"reference_url":"https://security.archlinux.org/AVG-1552","reference_id":"AVG-1552","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1552"},{"reference_url":"https://security.gentoo.org/glsa/202405-24","reference_id":"GLSA-202405-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/913211?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-3"}],"aliases":["CVE-2021-3404"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5tnx-uqxf-6kdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78089?format=json","vulnerability_id":"VCID-acxb-qewa-6ydh","summary":"In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12141","reference_id":"","reference_type":"","scores":[{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.385","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38589","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38591","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38563","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38535","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38545","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12141"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12141","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12141"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870815","reference_id":"870815","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870815"},{"reference_url":"https://usn.ubuntu.com/3667-1/","reference_id":"USN-3667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517019?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-scum-8cdj-rfez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1"}],"aliases":["CVE-2017-12141"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-acxb-qewa-6ydh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78097?format=json","vulnerability_id":"VCID-dq1d-z2eh-tye6","summary":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"5 of 9. Integer Overflow.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6302","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55459","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55516","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55521","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55509","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.5549","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802"},{"reference_url":"https://usn.ubuntu.com/3288-1/","reference_id":"USN-3288-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3288-1/"},{"reference_url":"https://usn.ubuntu.com/4615-1/","reference_id":"USN-4615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4615-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5732?format=json","purl":"pkg:deb/debian/libytnef@1.5-6%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-6%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5733?format=json","purl":"pkg:deb/debian/libytnef@1.9.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.2-2"}],"aliases":["CVE-2017-6302"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dq1d-z2eh-tye6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78109?format=json","vulnerability_id":"VCID-euww-z8fu-vfbf","summary":"In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9473","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49785","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49847","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49856","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49838","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49809","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49827","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9473"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870197","reference_id":"870197","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870197"},{"reference_url":"https://usn.ubuntu.com/3667-1/","reference_id":"USN-3667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517019?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-scum-8cdj-rfez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1"}],"aliases":["CVE-2017-9473"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-euww-z8fu-vfbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78096?format=json","vulnerability_id":"VCID-h22j-gunw-zyex","summary":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"4 of 9. Out of Bounds Reads.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6301","reference_id":"","reference_type":"","scores":[{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58482","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58529","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58538","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.5853","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58516","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58531","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802"},{"reference_url":"https://usn.ubuntu.com/3288-1/","reference_id":"USN-3288-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3288-1/"},{"reference_url":"https://usn.ubuntu.com/4615-1/","reference_id":"USN-4615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4615-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5732?format=json","purl":"pkg:deb/debian/libytnef@1.5-6%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-6%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5733?format=json","purl":"pkg:deb/debian/libytnef@1.9.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.2-2"}],"aliases":["CVE-2017-6301"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h22j-gunw-zyex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78103?format=json","vulnerability_id":"VCID-hamy-ac84-yqac","summary":"An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6801","reference_id":"","reference_type":"","scores":[{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.6656","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.666","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66607","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66593","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66578","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66595","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802"},{"reference_url":"https://usn.ubuntu.com/3288-1/","reference_id":"USN-3288-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3288-1/"},{"reference_url":"https://usn.ubuntu.com/4615-1/","reference_id":"USN-4615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4615-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5732?format=json","purl":"pkg:deb/debian/libytnef@1.5-6%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-6%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5733?format=json","purl":"pkg:deb/debian/libytnef@1.9.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.2-2"}],"aliases":["CVE-2017-6801"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hamy-ac84-yqac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78107?format=json","vulnerability_id":"VCID-hfas-b69x-83b7","summary":"In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9471","reference_id":"","reference_type":"","scores":[{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45527","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45595","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45599","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.4558","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45554","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45567","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9471"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870194","reference_id":"870194","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870194"},{"reference_url":"https://usn.ubuntu.com/3667-1/","reference_id":"USN-3667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517019?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-scum-8cdj-rfez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1"}],"aliases":["CVE-2017-9471"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hfas-b69x-83b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78105?format=json","vulnerability_id":"VCID-k28p-uhqw-fudr","summary":"The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9146","reference_id":"","reference_type":"","scores":[{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.70091","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.70132","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.7014","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.70121","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00608","scoring_system":"epss","scoring_elements":"0.70109","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9146"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862707","reference_id":"862707","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862707"},{"reference_url":"https://usn.ubuntu.com/3667-1/","reference_id":"USN-3667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517019?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-scum-8cdj-rfez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1"}],"aliases":["CVE-2017-9146"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k28p-uhqw-fudr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78104?format=json","vulnerability_id":"VCID-pe79-6bpa-jqfs","summary":"An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6802","reference_id":"","reference_type":"","scores":[{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74348","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74381","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74386","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74373","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74356","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00797","scoring_system":"epss","scoring_elements":"0.74382","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6802"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802"},{"reference_url":"https://usn.ubuntu.com/3288-1/","reference_id":"USN-3288-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3288-1/"},{"reference_url":"https://usn.ubuntu.com/4615-1/","reference_id":"USN-4615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4615-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5732?format=json","purl":"pkg:deb/debian/libytnef@1.5-6%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-6%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5733?format=json","purl":"pkg:deb/debian/libytnef@1.9.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.2-2"}],"aliases":["CVE-2017-6802"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pe79-6bpa-jqfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65186?format=json","vulnerability_id":"VCID-qm9m-rzy8-qkac","summary":"Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5109","reference_id":"","reference_type":"","scores":[{"value":"0.0124","scoring_system":"epss","scoring_elements":"0.79582","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0124","scoring_system":"epss","scoring_elements":"0.79608","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0124","scoring_system":"epss","scoring_elements":"0.79613","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0124","scoring_system":"epss","scoring_elements":"0.79609","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0124","scoring_system":"epss","scoring_elements":"0.79599","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0124","scoring_system":"epss","scoring_elements":"0.79618","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5109","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5109"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705468","reference_id":"705468","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705468"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771360","reference_id":"771360","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771360"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5731?format=json","purl":"pkg:deb/debian/libytnef@1.5-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-6"}],"aliases":["CVE-2010-5109"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qm9m-rzy8-qkac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78093?format=json","vulnerability_id":"VCID-qqbg-u8qc-bbcw","summary":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"1 of 9. Null Pointer Deref / calloc return value not checked.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6298","reference_id":"","reference_type":"","scores":[{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54657","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54714","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54725","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54718","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54697","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00312","scoring_system":"epss","scoring_elements":"0.54717","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6298"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802"},{"reference_url":"https://usn.ubuntu.com/3288-1/","reference_id":"USN-3288-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3288-1/"},{"reference_url":"https://usn.ubuntu.com/4615-1/","reference_id":"USN-4615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4615-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5732?format=json","purl":"pkg:deb/debian/libytnef@1.5-6%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-6%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5733?format=json","purl":"pkg:deb/debian/libytnef@1.9.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.2-2"}],"aliases":["CVE-2017-6298"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqbg-u8qc-bbcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78106?format=json","vulnerability_id":"VCID-r6th-ernk-5yam","summary":"In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9470","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45421","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4549","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45493","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45473","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45448","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45461","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9470"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870196","reference_id":"870196","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870196"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517019?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-scum-8cdj-rfez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1"}],"aliases":["CVE-2017-9470"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r6th-ernk-5yam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78111?format=json","vulnerability_id":"VCID-scum-8cdj-rfez","summary":"In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3403","reference_id":"","reference_type":"","scores":[{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77561","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77525","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77552","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77563","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77553","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01017","scoring_system":"epss","scoring_elements":"0.77542","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3403"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982594","reference_id":"982594","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982594"},{"reference_url":"https://security.archlinux.org/AVG-1552","reference_id":"AVG-1552","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1552"},{"reference_url":"https://security.gentoo.org/glsa/202405-24","reference_id":"GLSA-202405-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/913211?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-3"}],"aliases":["CVE-2021-3403"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scum-8cdj-rfez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78100?format=json","vulnerability_id":"VCID-sfay-hebc-v3er","summary":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"8 of 9. Out of Bounds read and write.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6305","reference_id":"","reference_type":"","scores":[{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56242","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56298","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56304","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56291","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56275","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.56294","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802"},{"reference_url":"https://usn.ubuntu.com/3288-1/","reference_id":"USN-3288-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3288-1/"},{"reference_url":"https://usn.ubuntu.com/4615-1/","reference_id":"USN-4615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4615-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5732?format=json","purl":"pkg:deb/debian/libytnef@1.5-6%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-6%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5733?format=json","purl":"pkg:deb/debian/libytnef@1.9.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.2-2"}],"aliases":["CVE-2017-6305"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sfay-hebc-v3er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78102?format=json","vulnerability_id":"VCID-u4v9-ptuv-w7by","summary":"An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6800","reference_id":"","reference_type":"","scores":[{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.67902","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.67942","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.67949","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.67939","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.67926","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.67941","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802"},{"reference_url":"https://usn.ubuntu.com/3288-1/","reference_id":"USN-3288-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3288-1/"},{"reference_url":"https://usn.ubuntu.com/4615-1/","reference_id":"USN-4615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4615-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5732?format=json","purl":"pkg:deb/debian/libytnef@1.5-6%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-6%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5733?format=json","purl":"pkg:deb/debian/libytnef@1.9.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.2-2"}],"aliases":["CVE-2017-6800"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u4v9-ptuv-w7by"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78090?format=json","vulnerability_id":"VCID-u4we-n26f-jfff","summary":"In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12142","reference_id":"","reference_type":"","scores":[{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36077","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36171","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.3618","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.3614","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36102","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00156","scoring_system":"epss","scoring_elements":"0.36115","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12142"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870816","reference_id":"870816","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870816"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517019?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-scum-8cdj-rfez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1"}],"aliases":["CVE-2017-12142"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u4we-n26f-jfff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6566?format=json","vulnerability_id":"VCID-vhtp-a9g6-byem","summary":"arbitrary code execution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9058","reference_id":"","reference_type":"","scores":[{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60343","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60293","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.6034","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60331","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.6033","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00389","scoring_system":"epss","scoring_elements":"0.60313","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9058"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862556","reference_id":"862556","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862556"},{"reference_url":"https://security.archlinux.org/ASA-201708-10","reference_id":"ASA-201708-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201708-10"},{"reference_url":"https://security.archlinux.org/AVG-275","reference_id":"AVG-275","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-275"},{"reference_url":"https://usn.ubuntu.com/3667-1/","reference_id":"USN-3667-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3667-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5733?format=json","purl":"pkg:deb/debian/libytnef@1.9.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.2-2"}],"aliases":["CVE-2017-9058"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vhtp-a9g6-byem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78095?format=json","vulnerability_id":"VCID-vvbr-837v-juck","summary":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"3 of 9. Buffer Overflow in version field in lib/tnef-types.h.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6300","reference_id":"","reference_type":"","scores":[{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.5756","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57612","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57621","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57611","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57599","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57617","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6298"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6304"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6802"},{"reference_url":"https://usn.ubuntu.com/3288-1/","reference_id":"USN-3288-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3288-1/"},{"reference_url":"https://usn.ubuntu.com/4615-1/","reference_id":"USN-4615-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4615-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5732?format=json","purl":"pkg:deb/debian/libytnef@1.5-6%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-6%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5733?format=json","purl":"pkg:deb/debian/libytnef@1.9.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.2-2"}],"aliases":["CVE-2017-6300"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vvbr-837v-juck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78110?format=json","vulnerability_id":"VCID-wp4n-8p7d-93hm","summary":"In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9474","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41358","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41434","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41438","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41409","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41378","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41388","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9474"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870192","reference_id":"870192","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870192"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517019?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-scum-8cdj-rfez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1"}],"aliases":["CVE-2017-9474"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wp4n-8p7d-93hm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78108?format=json","vulnerability_id":"VCID-xhqa-qxfu-tub5","summary":"In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9472","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41358","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41434","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41438","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41409","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41378","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41388","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9472"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9472","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9472"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870193","reference_id":"870193","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870193"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517019?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-scum-8cdj-rfez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1"}],"aliases":["CVE-2017-9472"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhqa-qxfu-tub5"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-1"}