CVE-2016-10091

Name of the Vulnerable Software and Affected Versions unrtf version 0.21.9

Description The issue is caused by multiple stack-based buffer overflows that allow remote attackers to cause a denial-of-service. This can be achieved by writing a negative integer to the (1) cmd expand function, (2) cmd emboss function, or (3) cmd engrave function.

Recommendations For unrtf version 0.21.9, as a temporary workaround, consider disabling the cmd expand, cmd emboss, and cmd engrave functions until a patch is available. Restrict access to these functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.