Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201708-10 ========================================= Severity: High Date : 2017-08-14 CVE-ID : CVE-2017-9058 Package : libytnef Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-275 Summary ====== The package libytnef before version 1.9.2-2 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 1.9.2-2. # pacman -Syu "libytnef>=1.9.2-2" The problem has been fixed upstream but no release is available yet. Workaround ========= None. Description ========== A heap-buffer-overflow vulnerability has been found in the libytnef in the lib/ytnef.c module. Impact ===== A remote attacker can execute arbitrary code on the affected host via a crafted tnef file. References ========= https://raw.githubusercontent.com/bingosxs/fuzzdata/master/ytnef-1.9/TNEFFreeMapiProps-Invalid-read.tnef https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862556 https://security.archlinux.org/CVE-2017-9058