{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78110?format=json","vulnerability_id":"VCID-wp4n-8p7d-93hm","summary":"In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.","aliases":[{"alias":"CVE-2017-9474"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517019?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-scum-8cdj-rfez"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/104815?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104813?format=json","purl":"pkg:deb/debian/libytnef@1.9.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.3-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104811?format=json","purl":"pkg:deb/debian/libytnef@2.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/104814?format=json","purl":"pkg:deb/debian/libytnef@2.1.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@2.1.2-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5728?format=json","purl":"pkg:deb/debian/libytnef@1.5-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qm9m-rzy8-qkac"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-1"},{"url":"http://public2.vulnerablecode.io/api/packages/5729?format=json","purl":"pkg:deb/debian/libytnef@1.5-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qm9m-rzy8-qkac"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-2"},{"url":"http://public2.vulnerablecode.io/api/packages/5730?format=json","purl":"pkg:deb/debian/libytnef@1.5-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qm9m-rzy8-qkac"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-4"},{"url":"http://public2.vulnerablecode.io/api/packages/5731?format=json","purl":"pkg:deb/debian/libytnef@1.5-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-6"},{"url":"http://public2.vulnerablecode.io/api/packages/5732?format=json","purl":"pkg:deb/debian/libytnef@1.5-6%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jh9-jwyd-6khu"},{"vulnerability":"VCID-1n63-1mau-huc4"},{"vulnerability":"VCID-1uz6-pfzn-yqhr"},{"vulnerability":"VCID-23ss-tyey-5kb4"},{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-dq1d-z2eh-tye6"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-h22j-gunw-zyex"},{"vulnerability":"VCID-hamy-ac84-yqac"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-pe79-6bpa-jqfs"},{"vulnerability":"VCID-qqbg-u8qc-bbcw"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-sfay-hebc-v3er"},{"vulnerability":"VCID-u4v9-ptuv-w7by"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-vhtp-a9g6-byem"},{"vulnerability":"VCID-vvbr-837v-juck"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.5-6%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5733?format=json","purl":"pkg:deb/debian/libytnef@1.9.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uam-1xf3-j7h4"},{"vulnerability":"VCID-5tnx-uqxf-6kdt"},{"vulnerability":"VCID-acxb-qewa-6ydh"},{"vulnerability":"VCID-euww-z8fu-vfbf"},{"vulnerability":"VCID-hfas-b69x-83b7"},{"vulnerability":"VCID-k28p-uhqw-fudr"},{"vulnerability":"VCID-r6th-ernk-5yam"},{"vulnerability":"VCID-scum-8cdj-rfez"},{"vulnerability":"VCID-u4we-n26f-jfff"},{"vulnerability":"VCID-wp4n-8p7d-93hm"},{"vulnerability":"VCID-xhqa-qxfu-tub5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libytnef@1.9.2-2"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9474","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41358","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41434","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41438","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41409","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41378","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41388","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9474"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870192","reference_id":"870192","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870192"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wp4n-8p7d-93hm"}