CVE-2025-65410
Unknown Unknown - Not Provided

Stack Overflow in GNU Unrtf src/main.c Causes DoS

Vulnerability report for CVE-2025-65410, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-23

Last updated on: 2025-12-23

Assigner: MITRE

Description

A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-23
Last Modified
2025-12-23
Generated
2026-07-06
AI Q&A
2025-12-23
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
gnu unrtf 0.21.10

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-65410 is a stack-based buffer overflow vulnerability in the src/main.c component of GNU Unrtf version 0.21.10. It occurs due to improper handling of the filename parameter, allowing attackers to inject crafted input that overflows the stack. This can cause the unrtf process to crash and potentially enable an attacker to hijack the return address, leading to arbitrary code execution. [3]

Impact Analysis

This vulnerability can cause a Denial of Service (DoS) by crashing the unrtf process. More severely, it may allow an attacker to execute arbitrary code on the affected system by exploiting the stack overflow and hijacking the return address, potentially compromising system security. [3]

Detection Guidance

This vulnerability can be detected by monitoring for crashes or abnormal termination of the unrtf process when processing input files, especially those with crafted filenames. Since the vulnerability involves a stack-based buffer overflow triggered by the filename parameter, testing with specially crafted inputs can reveal the issue. However, no specific detection commands are provided in the available resources. [3]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of unrtf version 0.21.10 until a patch is applied. Applying the patch submitted via Savannah Bug Tracker entries #67666 and #67667 once available is recommended. Additionally, restrict untrusted input files and monitor unrtf process behavior to prevent exploitation. Coordinated disclosure suggests waiting for the official fix before public use. [3]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65410. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart