CVE-2025-65411
- EPSS 0.06%
- Veröffentlicht 30.12.2025 00:00:00
- Zuletzt bearbeitet 09.01.2026 19:47:55
A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the search_path parameter.
CVE-2025-65410
- EPSS 0.02%
- Veröffentlicht 23.12.2025 00:00:00
- Zuletzt bearbeitet 06.01.2026 17:31:26
A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter.
CVE-2016-10091
- EPSS 2.61%
- Veröffentlicht 21.04.2017 15:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function.
CVE-2014-9275
- EPSS 3.32%
- Veröffentlicht 09.12.2014 23:59:11
- Zuletzt bearbeitet 12.04.2025 10:46:40
UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file.
CVE-2014-9274
- EPSS 5.94%
- Veröffentlicht 09.12.2014 23:59:10
- Zuletzt bearbeitet 12.04.2025 10:46:40
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".