An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef.
{ "binaries": [ { "binary_name": "libytnef0", "binary_version": "1.5-6ubuntu0.1" }, { "binary_name": "libytnef0-dbgsym", "binary_version": "1.5-6ubuntu0.1" }, { "binary_name": "libytnef0-dev", "binary_version": "1.5-6ubuntu0.1" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "libytnef0", "binary_version": "1.5-9ubuntu0.1" }, { "binary_name": "libytnef0-dbgsym", "binary_version": "1.5-9ubuntu0.1" }, { "binary_name": "libytnef0-dev", "binary_version": "1.5-9ubuntu0.1" } ], "availability": "No subscription required" }