MGASA-2014-0531
- Source
- https://advisories.mageia.org/MGASA-2014-0531.html
- Import Source
- https://advisories.mageia.org/MGASA-2014-0531.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2014-0531
- Related
- Published
- 2014-12-19T15:06:35Z
- Modified
- 2026-02-04T03:21:55.671947Z
- Summary
- Updated claws-mail packages fix security vulnerability
- Details
-
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow (CVE-2010-5109).
The claws-mail package contains an embedded copf of libytnef, which has been patched to fix this issue.
- References
-
- https://advisories.mageia.org/MGASA-2014-0531.html
- https://bugs.mageia.org/show_bug.cgi?id=14743
- http://sourceforge.net/tracker/?func=detail&aid=2949686&group_id=70352&atid=527487
- http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083853.html
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771360
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:4 / claws-mail
Package
- Name
- claws-mail
- Purl
- pkg:rpm/mageia/claws-mail?arch=source&distro=mageia-4