[arch-security] [ASA-201412-20] unrtf: arbitrary code execution
Levente Polyak
anthraxx at archlinux.org
Tue Dec 16 20:51:58 UTC 2014
Arch Linux Security Advisory ASA-201412-20
==========================================
Severity: High
Date : 2014-12-16
CVE-ID : CVE-2014-9274 CVE-2014-9275
Package : unrtf
Type : arbitrary code execution
Remote : No
Link : https://wiki.archlinux.org/index.php/CVE-2014
Summary
=======
The package unrtf before version 0.21.7-1 is vulnerable to arbitrary
code execution.
Resolution
==========
Upgrade to 0.21.7-1.
# pacman -Syu "unrtf>=0.21.7-1"
The problems have been fixed upstream in version 0.21.7.
Workaround
==========
None.
Description
===========
- CVE-2014-9274 (arbitrary code execution)
A flaw allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code as demonstrated by a file containing the
string "{\cb-999999999".
- CVE-2014-9275 (arbitrary code execution)
A flaw allows remote attackers to cause a denial of service
(out-of-bounds memory access and crash) and possibly execute arbitrary
code via a crafted RTF file.
Impact
======
An attacker able to craft a RTF file could use those issues to cause a
crash or execute arbitrary code while accessing a pointer that may be
under the attacker's control.
References
==========
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9274
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9275
https://bugzilla.redhat.com/show_bug.cgi?id=1170233
http://seclists.org/oss-sec/2014/q4/904
https://bugs.archlinux.org/task/43131
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20141216/79afcabf/attachment.bin>
More information about the arch-security
mailing list