CVE-2004-1297Improper Restriction of Operations within the Bounds of a Memory Buffer in Smith Unrtf

5 documents5 sources
Severity
10.0CRITICALNVD
EPSS
7.8%
top 8.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unrtf Project UnrtfZack Smith Unrtf
Timeline
PublishedJan 10
Latest updateApr 29

Description

Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attackers to execute arbitrary code via a crafted RTF file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

Debianunrtf_project/unrtf< 0.19.3-1.1+3
NVDzack_smith/unrtf0.19.3

🔴Vulnerability Details

3
GHSA
GHSA-xrpf-2c53-3fmg: Buffer overflow in the process_font_table function in convert2022-04-29
OSV
CVE-2004-1297: Buffer overflow in the process_font_table function in convert2005-01-10
CVEList
CVE-2004-1297: Buffer overflow in the process_font_table function in convert2004-12-22

📋Vendor Advisories

1
Debian
CVE-2004-1297: unrtf - Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3...2004
CVE-2004-1297 — Zack Smith Unrtf vulnerability | cvebase