Main Vulnerability Database SB2026011010

SB2026011010 - Denial of service in GNU Unrtf

Published: January 10, 2026

Security Bulletin ID SB2026011010

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2025-65411)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing data passed via the search_path parameter. A remote attacker can crash the application.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://github.com/MAXEUR5/Vulnerability_Disclosures/blob/main/2025/CVE-2025-65411.md
https://lists.gnu.org/archive/html/bug-unrtf/2025-11/msg00000.html
https://sources.debian.org/src/unrtf/0.21.10-clean-1/src/main.c/#L661