本ページは unrtf_project unrtf に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-65411 | A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the search_path parameter. | [email protected] | 7.5 | 0.52% | 2025-12-30 | 2026-06-17 |
| CVE-2025-65410 | A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter. | [email protected] | 6.2 | 0.20% | 2025-12-23 | 2026-06-17 |
| CVE-2016-10091 | Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function. | [email protected] | 7.5 | 2.84% | 2017-04-21 | 2026-06-16 |
| CVE-2014-9275 | UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file. | [email protected] | 7.5 | 4.74% | 2014-12-09 | 2026-06-16 |
| CVE-2014-9274 | UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999". | [email protected] | 7.5 | 5.83% | 2014-12-09 | 2026-06-16 |