In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "tnef", "binary_version": "1.4.9-1+deb8u4build0.16.04.1" }, { "binary_name": "tnef-dbgsym", "binary_version": "1.4.9-1+deb8u4build0.16.04.1" } ] }
{ "ubuntu_priority": "medium" }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "tnef", "binary_version": "1.4.18-1" }, { "binary_name": "tnef-dbgsym", "binary_version": "1.4.18-1" } ] }