CVE-2021-3404

Published March 4th, 2021

View on NVD ↗

CVSS v3

7.8

HIGH

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.

Yeraze/ytnef

Yeraze's TNEF Stream Reader - for winmail.dat files

GitHub