GNU Unrtf NULL Pointer Dereference Vulnerability in Version 0.21.10 Allowing Denial-of-Service

A NULL pointer dereference vulnerability has been identified in GNU Unrtf version 0.21.10. This issue arises in the 'src/path.c' component, specifically during the parsing of the '-P' command-line option. The vulnerability allows attackers to cause a denial-of-service condition by injecting a crafted payload into the 'search_path' parameter, leading to a process crash.

Impact

Exploitation of this vulnerability causes a local denial-of-service condition by crashing the Unrtf process with a segmentation fault, due to the NULL pointer dereference.

Reproduction

The vulnerability can be reproduced by invoking the 'unrtf' command with the '-P' option, but omitting the required path parameter. This can be done by simply running './unrtf -P' in the terminal. On an affected build, this command will result in a segmentation fault, crashing the program.

Remediation

Users can upgrade to GNU Unrtf version 0.21.11 or later, which includes the necessary fix. For those unable to upgrade immediately, the upstream patch can be backported to correct the argument parsing for the '-P' option.