Vulnerability Details : CVE-2010-5109
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-5109
Probability of exploitation activity in the next 30 days: 2.25%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-5109
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2010-5109
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-5109
-
http://sourceforge.net/p/ytnef/bugs/13/
Yerase's TNEF Stream Reader / Bugs / #13 Buffer Overflow in libytnef
-
https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083804.html
[SECURITY] Fedora 16 Update: libytnef-1.5-8.fc16
-
https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083853.html
[SECURITY] Fedora 17 Update: libytnef-1.5-8.fc17
-
https://bugzilla.redhat.com/show_bug.cgi?id=831322
831322 – (CVE-2010-5109) [PATCH] fix possible buffer overflow
-
http://www.openwall.com/lists/oss-security/2013/04/11/1
oss-security - CVE-2010-5109 libytnef buffer overflow
-
http://www.securityfocus.com/bid/54484
libytnef TNEF File Buffer Overflow Vulnerability
Products affected by CVE-2010-5109
- cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
- cpe:2.3:a:randall_hand:yerase\'s_tnef_stream_reader:-:*:*:*:*:*:*:*