GNU Unrtf Stack-Based Buffer Overflow Vulnerability Allowing Denial-of-Service

Vulnerability

A stack-based buffer overflow has been identified in GNU Unrtf version 0.21.10. The flaw is in the 'src/main.c' component, where the filename parameter is handled in a fixed-size stack buffer without a sufficient bounds check, so an attacker who can supply an overlong or otherwise crafted value as the filename parameter can overwrite adjacent stack memory. The immediate result is a process crash (denial of service); because the overflow is on the stack, a specially constructed payload could also overwrite the saved return address.
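
The following C program is an added illustration of the bug class described above, not code from unrtf or its maintainers: the buffer size (PATH_BUF_SIZE), the function names and the 'A'-filled input are assumptions chosen for the example. It places an unbounded copy of a filename into a fixed-size stack buffer beside a hardened version that fails closed when the name does not fit, and shows that the hardened path rejects exactly the lengths that would overflow the unsafe one.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for illustration only; not taken from unrtf's source. */
#define PATH_BUF_SIZE 256

/*
 * Vulnerable pattern (illustrative, not unrtf's code): the file name from
 * the command line is copied into a fixed-size stack buffer with no bound,
 * so a name of PATH_BUF_SIZE bytes or more overwrites whatever follows the
 * buffer on the stack, including the saved return address.
 */
static int open_rtf_unsafe(const char *filename)
{
    char path[PATH_BUF_SIZE];
    strcpy(path, filename);            /* unbounded copy: the bug */
    return (int)strlen(path);          /* stand-in for the real file handling */
}

/*
 * Hardened copy: refuse any name that does not fit together with its
 * terminating NUL. Returning false lets the caller fail closed instead of
 * silently truncating or overflowing.
 */
static bool copy_filename_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0 || len >= dst_size)
        return false;
    memcpy(dst, src, len + 1);         /* includes the terminator */
    return true;
}

/* Hardened entry point: returns the name length on success, -1 on rejection. */
static int open_rtf_safe(const char *filename)
{
    char path[PATH_BUF_SIZE];
    if (!copy_filename_checked(path, sizeof path, filename)) {
        fprintf(stderr, "unrtf: file name too long (%zu bytes, limit %zu)\n",
                strlen(filename), sizeof path - 1);
        return -1;
    }
    return (int)strlen(path);
}

/*
 * Constructed input: a name of `len` 'A' characters, the kind of argument a
 * fuzzer or attacker would supply, run through the hardened path.
 */
static int try_open_with_length(size_t len)
{
    static char name[4096];
    if (len >= sizeof name)
        len = sizeof name - 1;
    memset(name, 'A', len);
    name[len] = '\0';
    return open_rtf_safe(name);
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "example.rtf";

    /* Short names behave the same in both versions; the unsafe version is
     * deliberately only ever given a short literal here. */
    printf("unsafe path (short name): %d\n", open_rtf_unsafe("example.rtf"));
    printf("safe path   (user name):  %d\n", open_rtf_safe(name));

    /* A 300-byte name would corrupt the stack in open_rtf_unsafe; the
     * hardened version rejects it cleanly. */
    printf("safe path   (300 bytes):  %d\n", try_open_with_length(300));
    return 0;
}
```

Run it with a long argument (for example 300 characters) to see the hardened path refuse the name; the rejection boundary is PATH_BUF_SIZE - 1 bytes, because the terminator must fit too.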

Impact

Exploitation causes the unrtf process to crash, a denial-of-service condition. With a crafted payload the overflow can also overwrite the saved return address and hijack control flow; no working code-execution exploit is reported here.

Remediation

Upgrade to GNU Unrtf version 0.21.11, which fixes this issue; it is available from the project's home page. Until the upgrade is in place, exposure is greatest where unrtf is run automatically on file names an untrusted party can influence, for example in a document-conversion service, so such callers should validate or bound the file name before invoking it.

Added: Dec 23, 2025, 5:21 PM
Updated: Dec 23, 2025, 7:21 PM

Vulnerability Rating

Custom Algorithm
spread          2.4
impact          2.5
exploitability  5.3
remediation     7.7
relevance       1.5
threat          3.2
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these eight key vulnerability categories, which are then combined into the overall risk score.