Ytnef upstream released a security advisory for their latest release.
It fixes multiple security vulnerabilities.
Created libytnef tracking bugs for this issue:
Affects: epel-all [bug 1422814]
Affects: fedora-all [bug 1422817]
Created ytnef tracking bugs for this issue:
Affects: epel-all [bug 1422816]
Affects: fedora-all [bug 1422815]
Mitre assigned CVEs for these patches:
Null Pointer Deref / calloc return value not checked - CVE-2017-6298
Infinite Loop / DoS - CVE-2017-6299
Buffer Overflow in version field - CVE-2017-6300
Out of Bound Reads - CVE-2017-6301
Integer Overflow - CVE-2017-6302
Invalid Write and Integer Overflow - CVE-2017-6303
Out of Bounds read - CVE-2017-6304
Out of Bounds read and write - CVE-2017-6305
Directory Traversal using the filename - CVE-2017-6306
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.