[arch-security] [ASA-201412-20] unrtf: arbitrary code execution
Arch Linux Security Advisory ASA-201412-20
==========================================

Severity: High
Date    : 2014-12-16
CVE-ID  : CVE-2014-9274 CVE-2014-9275
Package : unrtf
Type    : arbitrary code execution
Remote  : No
Link    : https://wiki.archlinux.org/index.php/CVE-2014

Summary
=======

The package unrtf before version 0.21.7-1 is vulnerable to arbitrary code execution.

Resolution
==========

Upgrade to 0.21.7-1.

# pacman -Syu "unrtf>=0.21.7-1"

The problems have been fixed upstream in version 0.21.7.

Workaround
==========

None.

Description
===========

- CVE-2014-9274 (arbitrary code execution)

A flaw allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by a file containing the string "{\cb-999999999".

- CVE-2014-9275 (arbitrary code execution)

A flaw allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file.

Impact
======

An attacker able to craft an RTF file could use those issues to cause a crash or execute arbitrary code while accessing a pointer that may be under the attacker's control.

References
==========

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9274
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9275
https://bugzilla.redhat.com/show_bug.cgi?id=1170233
http://seclists.org/oss-sec/2014/q4/904
https://bugs.archlinux.org/task/43131
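The CVE-2014-9274 trigger quoted in the Description is a negative colour-table index carried by the \cb control word. As an added illustration (not unrtf's code; the colour table, function names and sizes are assumptions), the hypothetical parser below shows the validation a converter needs: the numeric parameter is parsed with overflow detection and rejected unless it lies within [0, table size), so a value such as -999999999 never becomes an array index.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical colour table, a stand-in for whatever an RTF converter keeps. */
#define NCOLORS 4
static const char *color_table[NCOLORS] = { "black", "red", "green", "blue" };

/* Parse the parameter of a "\cbN" control word (an optional leading '{' is
 * tolerated). Returns 0 and stores the index in *out on success, -1 when the
 * parameter is missing, does not fit in a long, or is outside [0, ncolors). */
int parse_cb_index(const char *ctrl, size_t ncolors, size_t *out)
{
    const char *p = ctrl;
    char *end;
    long n;

    if (*p == '{')
        p++;
    if (strncmp(p, "\\cb", 3) != 0)
        return -1;
    p += 3;

    errno = 0;
    n = strtol(p, &end, 10);
    if (end == p || errno == ERANGE)      /* no digits, or out of long range */
        return -1;
    /* Both bounds matter: a negative N indexes before the table, a large N
     * indexes past it. Either is the out-of-bounds access the advisory names. */
    if (n < 0 || (unsigned long)n >= ncolors)
        return -1;

    *out = (size_t)n;
    return 0;
}

/* Safe lookup: a rejected control word yields NULL instead of a wild read. */
const char *background_color(const char *ctrl)
{
    size_t idx;
    if (parse_cb_index(ctrl, NCOLORS, &idx) != 0)
        return NULL;
    return color_table[idx];
}
```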
participants (1)
-
Levente Polyak