Description of problem:
tnef breaks with an assertion error:
$ /usr/bin/tnef winmail.dat
tnef: mapi_attr.c:233: mapi_attr_read: Assertion `(idx+(a->names[i].len*2)) <= len' failed.
Afgebroken (memorydump made)
Version-Release number of selected component (if applicable):
tnef-1.4.9-6.mga6.x86_64.rpm
How reproducible:
Use any winmail.dat from an Outlook user and you will see this error.
Steps to Reproduce:
1.
2.
3.
I compiled tnef 1.4.12 from source and it works now. It might be the new version or the recompile.
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11
Assignee: bugsquad => pkg-bugs
I wonder if just adding the CVE patches in the last update caused this, as opposed to updating to the newest version. Perhaps we should upgrade to 1.4.14.
CC: (none) => nicolas.salguero
Got another CVE to tack on here.
Package : tnef
CVE ID : CVE-2017-8911
Debian Bug : 862442
It was discovered that tnef, a tool used to unpack MIME attachments of type "application/ms-tnef", did not correctly validate its input. An attacker could exploit this by tricking a user into opening a malicious attachment, which would result in a denial-of-service by application crash.
CC: (none) => zombie_ryushu
Depends on: (none) => 21013
Thank you for today's update.
Status: NEW => RESOLVED
Resolution: (none) => FIXED