Lucene search

[email protected]CVE-2014-9274

HistoryDec 09, 2014 - 11:59 p.m.

CVE-2014-9274

2014-12-0923:59:10

CWE-119

[email protected]

web.nvd.nist.gov

unrtf

cve-2014-9274

denial of service

code execution

nvd

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.057 Low

EPSS

Percentile

93.3%

JSON

UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string “{\cb-999999999”.

Affected configurations

NVD

Node

unrtf_projectunrtfRange≤0.21.6

Node

fedoraprojectfedoraMatch21

Node

mageia_projectmageiaMatch4

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

CPENameOperatorVersion
unrtf_project:unrtfunrtf project unrtfle0.21.6

CPE	Name	Operator	Version
unrtf_project:unrtf	unrtf project unrtf	le	0.21.6

References

advisories.mageia.org/MGASA-2014-0533.html

lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html

secunia.com/advisories/62811

www.debian.org/security/2015/dsa-3158

www.mandriva.com/security/advisories?name=MDVSA-2015:007

www.openwall.com/lists/oss-security/2014/12/04/15

www.securityfocus.com/bid/71430

bugzilla.redhat.com/show_bug.cgi?id=1170233

lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html

security.gentoo.org/glsa/201507-06

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.057 Low

EPSS

Percentile

93.3%

JSON

Related for CVE-2014-9274

prion1 debiancve1 cvelist1 ubuntucve1 nvd1 openvas6 nessus5 gentoo1 archlinux1 debian3 fedora1 osv2 securityvulns2 mageia1