CVE-2017-6800

moderate-risk

Published 2017-03-10

An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef.

Do I need to act?

0.54% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (3)

Debian Linux

Ytnef

Affected Vendors

Ytnef Project Debian

References (8)

Third Party Advisory http://www.debian.org/security/2017/dsa-3846

Patch https://github.com/Yeraze/ytnef/commit/f98f5d4adc1c4bd4033638f6167c1bb95d642f89

Exploit https://github.com/Yeraze/ytnef/issues/28

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Third Party Advisory http://www.debian.org/security/2017/dsa-3846

Patch https://github.com/Yeraze/ytnef/commit/f98f5d4adc1c4bd4033638f6167c1bb95d642f89

Exploit https://github.com/Yeraze/ytnef/issues/28

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 9/34 · Low