CVE-2014-9274 - OpenCVE

UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Fedoraproject	Fedora
Mageia Project	Mageia
Unrtf Project	Unrtf

Configuration 1 [-]

cpe:2.3:a:unrtf_project:unrtf:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:mageia_project:mageia:4:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

No data.

References

Link	Providers
http://advisories.mageia.org/MGASA-2014-0533.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html
http://secunia.com/advisories/62811
http://www.debian.org/security/2015/dsa-3158
http://www.mandriva.com/security/advisories?name=MDVSA-2015:007
http://www.openwall.com/lists/oss-security/2014/12/04/15
http://www.securityfocus.com/bid/71430
https://bugzilla.redhat.com/show_bug.cgi?id=1170233
https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html
https://security.gentoo.org/glsa/201507-06

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-12-09T22:52:00

Updated: 2024-08-06T13:40:24.592Z

Reserved: 2014-12-04T00:00:00

Link: CVE-2014-9274

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-12-09T23:59:10.037

Modified: 2016-12-22T02:59:21.250

Link: CVE-2014-9274

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-24T00:00:00", "descriptions": [{"lang": "en", "value": "UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string \"{\\cb-999999999\"."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-20T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0533.html"}, {"name": "62811", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62811"}, {"name": "FEDORA-2014-17281", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html"}, {"name": "[oss-security] 20141204 Re: CVE request: out-of-bounds memory access flaw in unrtf", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/12/04/15"}, {"name": "DSA-3158", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3158"}, {"name": "MDVSA-2015:007", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:007"}, {"name": "71430", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71430"}, {"name": "[bug-unrtf] 20141124 out-of-bounds memory access in unrtf", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html"}, {"name": "GLSA-201507-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201507-06"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1170233"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9274", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string \"{\\cb-999999999\"."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://advisories.mageia.org/MGASA-2014-0533.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0533.html"}, {"name": "62811", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62811"}, {"name": "FEDORA-2014-17281", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html"}, {"name": "[oss-security] 20141204 Re: CVE request: out-of-bounds memory access flaw in unrtf", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/12/04/15"}, {"name": "DSA-3158", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3158"}, {"name": "MDVSA-2015:007", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:007"}, {"name": "71430", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71430"}, {"name": "[bug-unrtf] 20141124 out-of-bounds memory access in unrtf", "refsource": "MLIST", "url": "https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html"}, {"name": "GLSA-201507-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201507-06"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1170233", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1170233"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:40:24.592Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0533.html"}, {"name": "62811", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62811"}, {"name": "FEDORA-2014-17281", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html"}, {"name": "[oss-security] 20141204 Re: CVE request: out-of-bounds memory access flaw in unrtf", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/12/04/15"}, {"name": "DSA-3158", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3158"}, {"name": "MDVSA-2015:007", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:007"}, {"name": "71430", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71430"}, {"name": "[bug-unrtf] 20141124 out-of-bounds memory access in unrtf", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html"}, {"name": "GLSA-201507-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201507-06"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1170233"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9274", "datePublished": "2014-12-09T22:52:00", "dateReserved": "2014-12-04T00:00:00", "dateUpdated": "2024-08-06T13:40:24.592Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:unrtf_project:unrtf:*:*:*:*:*:*:*:*", "matchCriteriaId": "72B3570E-3CA9-47E3-9A6B-7A065C610F7C", "versionEndIncluding": "0.21.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mageia_project:mageia:4:*:*:*:*:*:*:*", "matchCriteriaId": "27086E40-75A5-4C4A-AD20-8D9B1EBB31C8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string \"{\\cb-999999999\"."}, {"lang": "es", "value": "UnRTF permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario tal y como fue demostrado por un fichero que conten\u00eda la cadena '{\\cb-999999999'."}], "id": "CVE-2014-9274", "lastModified": "2016-12-22T02:59:21.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-12-09T23:59:10.037", "references": [{"source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0533.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147399.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/62811"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3158"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:007"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/12/04/15"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/71430"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1170233"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201507-06"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}