Candidate: CVE-2010-5109
PublicDate: 2014-05-05 17:06:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5109
 http://www.openwall.com/lists/oss-security/2013/04/11/1
 http://sourceforge.net/p/ytnef/bugs/13/
 http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083853.html
 http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083804.html
Description:
 Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF
 Stream Reader allows remote attackers to cause a denial of service (crash)
 via a crafted TNEF file, which triggers a buffer overflow.
Ubuntu-Description:
Notes:
 jdstrand> this is a DoS only since the memory after the unterminated
  comp_Prebuf.data is not actually access anywhere.
 jdstrand> libytnef0 is only used by evolution on 10.04 LTS and later.
 jdstrand> libytnef is linked in to modules/module-tnef-attachment.so from
  libevolution on 12.10 and later.
 jdstrand> plugins/liborg-gnome-tnef-attachments.so on 12.04 and earlier. This
  is shipped in the evolution-plugins-experimental package, from universe
 jdstrand> on 13.10+, PoC is recognized as TNEF file, but not all attachments
  are shown (not security)
 jdstrand> on 12.04, recognized as TNEF file, but not all attachments are shown
  (not security)
 jdstrand> on 11.10 and earlier, no crash (not security)
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=831322
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_libytnef:
upstream_libytnef: released (1.5-5)
hardy_libytnef: ignored (reached end-of-life)
lucid_libytnef: ignored
oneiric_libytnef: ignored
precise_libytnef: ignored
quantal_libytnef: ignored
trusty_libytnef: not-affected (1.5-6)
trusty/esm_libytnef: DNE (trusty was not-affected [1.5-6])
devel_libytnef: not-affected (1.5-6)