Vulnerability Description
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Randall Hand | Yerase\'S Tnef Stream Reader | - |
| Fedoraproject | Fedora | 16 |
Related Weaknesses (CWE)
References
- http://sourceforge.net/p/ytnef/bugs/13/
- http://www.openwall.com/lists/oss-security/2013/04/11/1
- http://www.securityfocus.com/bid/54484
- https://bugzilla.redhat.com/show_bug.cgi?id=831322
- https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083804.html
- https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083853.html
- http://sourceforge.net/p/ytnef/bugs/13/
- http://www.openwall.com/lists/oss-security/2013/04/11/1
- http://www.securityfocus.com/bid/54484
- https://bugzilla.redhat.com/show_bug.cgi?id=831322
- https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083804.html
- https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083853.html
FAQ
What is CVE-2010-5109?
CVE-2010-5109 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer o...
How severe is CVE-2010-5109?
CVE-2010-5109 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-5109?
Check the references section above for vendor advisories and patch information. Affected products include: Randall Hand Yerase\'S Tnef Stream Reader, Fedoraproject Fedora.