Bug 1459452 (CVE-2017-9470, CVE-2017-9471, CVE-2017-9472, CVE-2017-9473, CVE-2017-9474)

Summary: CVE-2017-9470 CVE-2017-9471 CVE-2017-9472 CVE-2017-9473 CVE-2017-9474 ytnef: Multiple vulnerabilities in 1.9.2 version
Product: [Other] Security Response Reporter: Andrej Nemec <anemec>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: itamar, sheltren
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 03:14:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1459453, 1459454    
Bug Blocks:    

Description Andrej Nemec 2017-06-07 08:12:06 UTC 
Multiple vulnerabilities were found in ytnef 1.9.2.

CVE-2017-9470 - In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/05/24/ytnef-null-pointer-dereference-in-mapiprint-ytnef-c/

CVE-2017-9471 - In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapword-ytnef-c/

CVE-2017-9472 - In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows attackers to cause a denial of service (heap-based buffer over-read anda pplication crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/

CVE-2017-9473 - In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows attackers to cause a denial of service (memory consumption) via a crafted file.

https://blogs.gentoo.org/ago/2017/05/24/ytnef-memory-allocation-failure-in-tneffillmapi-ytnef-c/

CVE-2017-9474 - In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-decompressrtf-ytnef-c/
Comment 1 Andrej Nemec 2017-06-07 08:12:53 UTC 
Created ytnef tracking bugs for this issue:

Affects: epel-all [bug 1459454]
Affects: fedora-all [bug 1459453]
Comment 2 Product Security DevOps Team 2019-06-08 03:14:45 UTC 
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.