1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200501-15 / app-text/unrtf |
| Release Date | January 10, 2005 |
| Latest Revision | January 10, 2005: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| app-text/unrtf | < 0.19.3-r1 | >= 0.19.3-r1 | All supported architectures |
Related bugreports: #74480
A buffer overflow in UnRTF allows an attacker to execute arbitrary code by way of a specially crafted RTF file.
UnRTF is a utility to convert files in the Rich Text Format into other formats.
An unchecked strcat() in unrtf may overflow the bounds of a static buffer.
Using a specially crafted file, possibly delivered by e-mail or over the web, an attacker may execute arbitrary code with the permissions of the user running UnRTF.
There is no known workaround at this time.
All unrtf users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/unrtf-0.19.3-r1" |