This page lists publicly disclosed CVE vulnerabilities affecting UnRTF (matched through the NVD CPE vendor `unrtf_project`, product `unrtf`). Each row includes severity scores, a summary, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-65411 | A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the search_path parameter. | [email protected] | 7.5 | 0.06% | 2025-12-30 | 2026-01-09 |
| CVE-2025-65410 | A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter. | [email protected] | 6.2 | 0.01% | 2025-12-23 | 2026-01-06 |
| CVE-2016-10091 | Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function. | [email protected] | 7.5 | 2.61% | 2017-04-21 | 2026-05-13 |
| CVE-2014-9275 | UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file. | [email protected] | 7.5 | 3.32% | 2014-12-09 | 2026-05-06 |
| CVE-2014-9274 | UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999". | [email protected] | 7.5 | 5.94% | 2014-12-09 | 2026-05-06 |