132 matches found
OESA-2026-1012 unrtf security update
UnRTF is a command-line program written in C which converts documents in Rich Text Format (.rtf) to HTML, LaTeX, troff macros, and RTF itself. Converting to HTML, it supports a number of features of Rich Text Format: changes in the text's font, size, weight (bold), and slant (italic); underlines and...
EUVD-2004-0783
Malware in sbrugna...
EUVD-2001-0240
Malware in sbrugna...
EUVD-2009-0769
Malware in sbrugna...
EUVD-2005-2502
Malware in sbrugna...
Malicious code in browser-html-to-rtf (npm)
The package browser-html-to-rtf was found to contain malicious code...
Exploit for Use After Free in Microsoft
🛑 CVE-2025-21298 – Critical Zero-Click RCE in Microsoft Window...
The vulnerability in Microsoft Office Word and 365 Apps for Enterprise is a buffer overflow in dynamic (heap) memory that allows an attacker to execute arbitrary code.
The vulnerability in Microsoft Office Word and 365 Apps for Enterprise is a buffer overflow in dynamic (heap) memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafted RTF file...
CVE-2005-2516
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands...
The vulnerability in PDF-XChange Editor, a program for viewing and editing PDF documents, is a buffer copy performed without checking the size of the input data. This allows attackers to execute arbitrary code.
The vulnerability in PDF-XChange Editor, a program for viewing and editing PDF documents, is a buffer copy performed without checking the size of the input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially crafted RTF file...
Tracker Software PDF-XChange Editor security vulnerability
Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A security vulnerability exists in Tracker Software PDF-XChange Editor that stems from the RTF file parsing module containing a heap-based buffer overflow...
Exploit for Integer Overflow or Wraparound in Microsoft
CVE-2023-21716 Microsoft Word RTF Font Table Heap Corruption...
SUSE CVE-2010-3452
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document...
SUSE CVE-2014-9093
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file...
PT-2022-7396 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.4. Description: The issue is related to the improper neutralization of input data during web page generation, allowing a remote attacker to execute arbitrary code using specially crafted RTF data. This can be used t...
Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug)
Update: Please see our FAQ for the latest guidance and mitigation tips on Follina. On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability. The mitigation offered by Microsoft consists of an alternative method to...
Zero-day vulnerability discovered in Microsoft Word
A researcher has found a zero-day vulnerability in Microsoft Word. This new exploit in Office macros, external template files containing malicious code while macros are disabled. When a user converts the document to RTF format, the code is also executed in "Protected view" or "Preview mode". For...
Ubuntu: Security Advisory (USN-5202-1)
The remote host is missing an update for the...
OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated...
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user...