VYPR

Unrtf

by Unrtf Project

CVEs (6)

  • CVE-2016-10091HigApr 21, 2017
    risk 0.49cvss 7.5epss 0.03

    Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function.

  • CVE-2025-65411Dec 30, 2025
    risk 0.00cvss epss 0.01

    A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the search_path parameter.

  • CVE-2025-65410Dec 23, 2025
    risk 0.00cvss epss 0.00

    A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter.

  • CVE-2014-9275Dec 9, 2014
    risk 0.00cvss epss 0.05

    UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file.

  • CVE-2014-9274Dec 9, 2014
    risk 0.00cvss epss 0.06

    UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".

  • CVE-2004-1297Jan 10, 2005
    risk 0.00cvss epss 0.06

    Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attackers to execute arbitrary code via a crafted RTF file.