Bug 20938

Summary: tnef breaks with an assertion error
Product: Mageia Reporter: Marcel Pol <marcel>
Component: RPM PackagesAssignee: All Packagers <pkg-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: marja11, nicolas.salguero, zombie_ryushu
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: tnef-1.4.9-6 CVE:
Status comment:
Bug Depends on: 21013    
Bug Blocks:    

Description Marcel Pol 2017-05-25 21:50:29 CEST 
Description of problem:
tnef breaks with an assertion error:

$ /usr/bin/tnef winmail.dat 
tnef: mapi_attr.c:233: mapi_attr_read: Assertion `(idx+(a->names[i].len*2)) <= len' failed.
Afgebroken (memorydump made)


Version-Release number of selected component (if applicable):
tnef-1.4.9-6.mga6.x86_64.rpm

How reproducible:
Use any winmail.dat from an Outlook user and you will see this error.

Steps to Reproduce:
1.
2.
3.

I compiled tnef 1.4.12 from source and it works now. It might be the new version or the recompile.
Comment 1 Marja Van Waes 2017-05-28 06:57:53 CEST 
Assigning to all packagers collectively, since there is no registered maintainer for this package.

CC: (none) => marja11
Assignee: bugsquad => pkg-bugs

Comment 2 David Walser 2017-05-29 05:25:46 CEST 
I wonder if just adding the CVE patches in the last update caused this, as opposed to updating to the newest version.  Perhaps we should upgrade to 1.4.14.

CC: (none) => nicolas.salguero

Comment 3 Zombie Ryushu 2017-06-01 22:56:37 CEST 
Got another CVE to tack on here.

Package        : tnef
CVE ID         : CVE-2017-8911
Debian Bug     : 862442

It was discovered that tnef, a tool used to unpack MIME attachments of
type "application/ms-tnef", did not correctly validate its input. An
attacker could exploit this by tricking a user into opening a
malicious attachment, which would result in a denial-of-service by
application crash.

CC: (none) => zombie_ryushu

David Walser 2017-06-02 12:13:07 CEST

Depends on: (none) => 21013

Comment 4 Marcel Pol 2017-06-05 21:51:36 CEST 
Thank you for the update of today

Status: NEW => RESOLVED
Resolution: (none) => FIXED