Mandriva Linux Security Advisory : unrtf (MDVSA-2015:007)
High Nessus Plugin ID 80426
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionUpdated unrtf package fixes security vulnerabilities :
Michal Zalewski reported an out-of-bounds memory access vulnerability in unrtf. Processing a malformed RTF file could lead to a segfault while accessing a pointer that may be under the attacker's control.
This would lead to a denial of service (application crash) or, potentially, the execution of arbitrary code (CVE-2014-9274).
Hanno Bck also reported a number of other crashes in unrtf (CVE-2014-9275).
SolutionUpdate the affected unrtf package.