CVE-2017-6307 Debian CVE debrief

Who should care

Administrators and maintainers running tnef or packages that embed it, especially mail gateways, attachment-processing systems, and Linux distributions that ship tnef. Security teams should also care if user-supplied TNEF data is processed automatically.

Technical summary

NVD assigns CWE-787 (out-of-bounds write) and a CVSS 3.0 vector of AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue is in mapi_attr_read() within src/mapi_attr.c, where malformed attacker-controlled input can drive out-of-bounds memory access. The affected upstream range is listed as tnef through 1.4.12, with 1.4.13 or later indicated by the supplied description and references as the fixed release line.

Defensive priority

High for environments that parse untrusted TNEF content, but not an emergency for systems that never handle such data. Because exploitation requires user interaction and local conditions, prioritize patching exposed mail and file-processing workflows first.

Recommended defensive actions

• Upgrade tnef to 1.4.13 or later, or apply the relevant vendor backport if you use a distribution package.
• Inventory systems and applications that call tnef or process TNEF attachments automatically.
• Treat untrusted TNEF data as unsafe until patched; reduce or disable automatic processing where feasible.
• Verify distribution advisories and package changelogs for your platform, since downstream fixes may differ from upstream versioning.
• After remediation, confirm the installed package version and document the patch status for affected hosts.

Evidence notes

Supported by the NVD CVE record, which lists the vulnerability as an out-of-bounds write in src/mapi_attr.c:mapi_attr_read() and assigns CWE-787. The supplied references also include Debian, Gentoo, and X41 advisories plus the upstream commit and ChangeLog, indicating a public fix path. The NVD CPE criteria identify the affected upstream product as tnef up to 1.4.12.

Official resources