Bug 1026856 (CVE-2017-6309)

Summary: VUL-0: CVE-2017-6309: tnef: An issue was discovered in tnef before 1.4.13. Two type confusions have beenidentified in the parse...
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/180894/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2017-02-24 15:30:55 UTC
CVE-2017-6309

An issue was discovered in tnef before 1.4.13. Two type confusions have been
identified in the parse_file() function. These might lead to invalid read and
write operations, controlled by an attacker.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6309
https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d
Comment 1 Swamp Workflow Management 2017-02-24 23:00:42 UTC
bugbot adjusting priority
Comment 2 Philipp Thomas 2017-05-29 10:54:20 UTC
Fixed package submitted
Comment 3 Marcus Meissner 2019-07-10 05:46:21 UTC
fixed