CVE-2014-9274
NONE
Published Dec 9, 2014 (11y ago)
Last Modified Jun 17, 2026 (2w ago)
Description
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)
Affected Products 5
| Vendor | Product | Version | Range |
|---|---|---|---|
| unrtf_project | unrtf | * | ≤0.21.6 |
| fedoraproject | fedora | 21 | any |
| mageia_project | mageia | 4 | any |
| debian | debian_linux | 7.0 | any |
| debian | debian_linux | 8.0 | any |
References 10
- advisories.mageia.org http://advisories.mageia.org/MGASA-2014-0533.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html
- secunia.com http://secunia.com/advisories/62811
- debian.org http://www.debian.org/security/2015/dsa-3158
- mandriva.com http://www.mandriva.com/security/advisories?name=MDVSA-2015:007
- openwall.com http://www.openwall.com/lists/oss-security/2014/12/04/15
- securityfocus.com http://www.securityfocus.com/bid/71430
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1170233
- lists.gnu.org https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html
- security.gentoo.org https://security.gentoo.org/glsa/201507-06
Remediation
No remediation data recorded yet.
Check vendor advisories and the NVD entry for patch availability.