Updated unrtf package fixes security vulnerabilitiesPublication date: 19 Dec 2014
Affected Mageia releases : 4
CVE: CVE-2014-9274 , CVE-2014-9275
Updated unrtf package fixes security vulnerabilities: Michal Zalewski reported an out-of-bounds memory access vulnerability in unrtf. Processing a malformed RTF file could lead to a segfault while accessing a pointer that may be under the attacker's control. This would lead to a denial of service (application crash) or, potentially, the execution of arbitrary code (CVE-2014-9274). Hanno Böck also reported a number of other crashes in unrtf (CVE-2014-9275).