CVE-2017-6308

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-6308
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6308.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-6308
Downstream
Related
Published
2017-02-24T04:59:00Z
Modified
2025-10-21T04:20:06.120755Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.

References

Affected packages

Git / github.com/verdammelt/tnef

Affected ranges

Type
GIT
Repo
https://github.com/verdammelt/tnef
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c5044689e50039635e7700fe2472fd632ac77176

Affected versions

1.*

1.4.10
1.4.11
1.4.12

TNEF-1.*

TNEF-1.4.10
TNEF-1.4.11

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "digest": {
            "function_hash": "80647781257308677194827960595707241758",
            "length": 186.0
        },
        "deprecated": false,
        "id": "CVE-2017-6308-1fff0ee7",
        "source": "https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176",
        "target": {
            "function": "xmalloc",
            "file": "src/alloc.c"
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "digest": {
            "function_hash": "15783034786864080875998758959590555462",
            "length": 105.0
        },
        "deprecated": false,
        "id": "CVE-2017-6308-290d50bb",
        "source": "https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176",
        "target": {
            "function": "checked_xmalloc",
            "file": "src/alloc.c"
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "74577793251357847951624012834623964796",
                "259120006362788898557182968957901382749",
                "317070988496673012423271087459144346727",
                "340003733135942291058728836243182118711",
                "283263435890988534721651437552159911026",
                "148412461001017286518232540592127839838",
                "84359124317468807169832239954705471085",
                "24071807926824837838195659260730455448",
                "13051942348720689694512385239541424909",
                "223943871900041502463050589332055862139",
                "12397076515527315894056347930382561746",
                "60488618786239953357603483916665940263",
                "104482875846109879957863968540076120196",
                "87203807592121774978594943157398192512",
                "245667685669930674280224660251811031842",
                "66520851616452270523773474690296645926",
                "289452570597396420023335271120362671879",
                "221316349256514322157399797202874492245",
                "248376248363180207165795018382301935421",
                "326479304575496046329346530080473873827",
                "147404952834887334425368163582429953071",
                "212121869205416016212422569982659294284",
                "147265908407649884497817004294199411165",
                "67042311451755526750742529003178827899",
                "192757025590116312852855986609378380415",
                "32557233928427254309222658051834074695",
                "81021220967241253566928732391747722941",
                "3756671556585328775992682930143694069",
                "27471218305565935940059512140591345026",
                "166002946199526813694456530195961979320",
                "138137239272367138212280141514087855849",
                "51955851802909229003963951751894151703",
                "319077333378547946215801557925080714142",
                "291748529743512344086676569851897529071",
                "199804614681014939756579503354116145175",
                "234493078577190041803095131225480610467",
                "83868460254598889211169859545503625753",
                "238833775603457862769285407875718724835",
                "145432519966601555334936527853284898860",
                "277217241578896900931443731825823034371",
                "159734786079734328005266570997115980067"
            ]
        },
        "deprecated": false,
        "id": "CVE-2017-6308-3240275e",
        "source": "https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176",
        "target": {
            "file": "src/alloc.c"
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "digest": {
            "function_hash": "19178948986734914441039532671796522971",
            "length": 167.0
        },
        "deprecated": false,
        "id": "CVE-2017-6308-8605cc83",
        "source": "https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176",
        "target": {
            "function": "xcalloc",
            "file": "src/alloc.c"
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "digest": {
            "function_hash": "174993485115829299738227768633706098438",
            "length": 139.0
        },
        "deprecated": false,
        "id": "CVE-2017-6308-bf2571d8",
        "source": "https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176",
        "target": {
            "function": "checked_xcalloc",
            "file": "src/alloc.c"
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "244622816174095439308529034456048912615",
                "74185541062882661439639506366234940940",
                "174781808204308383683905081764386418714",
                "243874785623914192116501608322138046359",
                "185188867826587436615390029024330879741",
                "8818342805407866744885455388093838918",
                "22222180561445748243407109619268237743",
                "37748432485487720316492973097047514689",
                "148567876325088602522738595995016931796",
                "40797451203388452006725910471006851070"
            ]
        },
        "deprecated": false,
        "id": "CVE-2017-6308-d0e7d33d",
        "source": "https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176",
        "target": {
            "file": "src/alloc.h"
        },
        "signature_type": "Line"
    }
]