CVE-2014-9274: Buffer Overflow
First published: Wed Dec 03 2014(Updated: )
Michal Zalewski reported [1] an out-of-bounds memory access vulnerability in unrtf. Processing a malformed RTF file could lead to a segfault while accessing a pointer that may be under the attacker's control. This would lead to a denial of service (application crash) or, potentially, the execution of arbitrary code. Hanno Böck also reported [2] a number of other crashes in unrtf. There has been no response upstream regarding this (it seems that unrtf is no longer being maintained) so there is no patch available as of yet. [1] <a href="https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html">https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html</a> [2] <a href="https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00000.html">https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00000.html</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Unrtf Project Unrtf | <=0.21.6 | |
| Fedoraproject Fedora | =21 | |
| Mageia Project Mageia | =4 | |
| Debian Debian Linux | =7.0 | |
| Debian Debian Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://advisories.mageia.org/MGASA-2014-0533.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html
- http://secunia.com/advisories/62811
- http://www.debian.org/security/2015/dsa-3158
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:007
- http://www.openwall.com/lists/oss-security/2014/12/04/15
- http://www.securityfocus.com/bid/71430
- https://bugzilla.redhat.com/show_bug.cgi?id=1170233
- https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html
- https://security.gentoo.org/glsa/201507-06
- https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00000.html
- http://www.openwall.com/lists/oss-security/2014/12/03/4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1170235
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1170236
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1170237
- https://access.redhat.com/security/cve/CVE-2014-9274
- https://access.redhat.com/security/cve/CVE-2014-9275
- http://seclists.org/oss-sec/2014/q4/904
- https://lists.gnu.org/archive/html/bug-unrtf/2014-12/msg00000.html
- https://lists.gnu.org/archive/html/bug-unrtf/2014-12/msg00001.html
- http://hg.savannah.gnu.org/hgweb/unrtf/rev/891c2f431c90
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-9274
- vendor/unrtf project
- canonical/unrtf project unrtf
- version/unrtf project unrtf/0.21.6
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/21
- vendor/mageia project
- canonical/mageia project mageia
- version/mageia project mageia/4
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.0
- version/debian debian linux/8.0