#VU121146 Stack-based buffer overflow in unrtf - CVE-2025-65410

Cybersecurity Help s.r.o.

Published: 2026-01-10

Vulnerability identifier: #VU121146

Vulnerability risk: Medium

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-65410

CWE-ID: CWE-121

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
unrtf
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error when processing filenames. A remote attacker can pass a specially crafted filename to the application, trigger a stack-based buffer overflow and perform a denial of service attack.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

unrtf: 0.18.1 - 0.21.10

External links
https://github.com/MAXEUR5/Vulnerability_Disclosures/blob/main/2025/CVE-2025-65410.md
https://hg.savannah.gnu.org/hgweb/unrtf/rev/a5d3b025a8b1
https://lists.gnu.org/archive/html/bug-unrtf/2025-11/msg00001.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

openEuler 22.03 LTS SP4 update for unrtf

openEuler 24.03 LTS update for unrtf

openEuler 24.03 LTS SP1 update for unrtf

openEuler 24.03 LTS SP2 update for unrtf

openEuler 24.03 LTS SP3 update for unrtf

openEuler 22.03 LTS SP3 update for unrtf

Stack-based buffer overflow in GNU Unrtf