Unrtf Project Unrtf vulnerabilities

6 known vulnerabilities affecting unrtf_project/unrtf.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 1

Vulnerabilities

CVE-2025-65411 | HIGH | CVSS 7.5 | v0.21.10 | 2025-12-30
CWE-476: A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the search_path parameter.
nvd
CVE-2025-65410 | MEDIUM | CVSS 6.2 | v0.21.10 | 2025-12-23
CWE-121: A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter.
nvd
CVE-2016-10091 | HIGH | CVSS 7.5 | v0.21.9 | 2017-04-21
CWE-119: Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function.
nvd, osv
CVE-2014-9275 | HIGH | CVSS 7.5 | ≤ 0.21.6 | 2014-12-09
CWE-119: UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file.
nvd, osv
CVE-2014-9274 | HIGH | CVSS 7.5 | ≤ 0.21.6 | 2014-12-09
CWE-119: UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".
nvd, osv
CVE-2004-1297 | CRITICAL | CVSS 10.0 | ≥ 0, < 0.19.3-1.1 | 2005-01-10
Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attackers to execute arbitrary code via a crafted RTF file.
osv