CVE-2021-3403

Published March 4th, 2021

View on NVD ↗

CVSS v3

7.8

HIGH

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.

Yeraze/ytnef

Yeraze's TNEF Stream Reader - for winmail.dat files

GitHub