What the vulnerability does

01Description

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.

Key dates

02Disclosure timeline

March 4, 2021 CVE published
August 3, 2024 Record updated