Advisories » MGASA-2014-0533

Updated unrtf package fixes security vulnerabilities

Publication date: 19 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9274 , CVE-2014-9275


Updated unrtf package fixes security vulnerabilities:

Michal Zalewski reported an out-of-bounds memory access vulnerability in
unrtf.  Processing a malformed RTF file could lead to a segfault while
accessing a pointer that may be under the attacker's control.  This would
lead to a denial of service (application crash) or, potentially, the
execution of arbitrary code (CVE-2014-9274).

Hanno Böck also reported a number of other crashes in unrtf (CVE-2014-9275).