[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug-unrtf] out-of-bounds memory access in unrtf

From: Michal Zalewski
Subject: [bug-unrtf] out-of-bounds memory access in unrtf
Date: Mon, 24 Nov 2014 23:30:35 -0800

Looks like this package is no longer maintained, but reporting just
for posterity: there seems to be a bug that probably makes it
dangerous to convert untrusted RTFs:

$ echo '{\cb-999999999' >x
$ unrtf x

This leads to segv while accessing a pointer that is essentially
within attacker's control.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]