Unrtf Stack Overflow Denial of Service

MEDIUM (6.2) No Patch

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

GNU Unrtf is a command-line tool that converts RTF documents into other formats such as HTML, LaTeX and plain text (it is not a networking framework). The vulnerability is in the src/main.c component of GNU Unrtf v0.21.10: a crafted value supplied as the filename parameter triggers a stack overflow, which an attacker can use to crash the program, i.e. a Denial of Service (DoS). Since the trigger is the filename argument, exposure depends on whether unrtf is ever invoked with names an untrusted party controls, for example from an automated document-conversion pipeline that passes user-supplied names through to the command line.
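To make the bug class concrete, here is an added illustration of the pattern behind a filename-argument stack overflow. It is not code from unrtf's src/main.c (the advisory does not show the affected code); the function names, the buffer size PATH_CAP and the constructed 'A'-filled names are assumptions made for this example. It puts the unbounded copy next to a bounded version that refuses any name that does not fit, plus a pre-check a caller can apply before invoking a fixed-capacity consumer.

```c
#include <stdio.h>
#include <string.h>
#include <errno.h>

/* Hypothetical illustration of the bug class the advisory describes:
 * a fixed-size stack buffer that receives a caller-controlled filename
 * without a length check. This is NOT unrtf's source; the function
 * names, PATH_CAP and the sample names are invented for this example. */

#define PATH_CAP 64   /* assumed capacity of the on-stack path buffer */

/* Bounded length: counts at most cap bytes and never scans past cap
 * (same contract as POSIX strnlen, written out to stay plain C). */
static size_t bounded_len(const char *s, size_t cap)
{
    size_t n = 0;
    while (n < cap && s[n] != '\0')
        n++;
    return n;
}

/* Vulnerable pattern: strcpy() writes strlen(name)+1 bytes into a
 * PATH_CAP-byte stack buffer. Any name of PATH_CAP bytes or longer
 * overflows it (undefined behaviour, typically a crash: the DoS).
 * Kept only to show the shape; main() never calls it with a long name. */
int open_input_vulnerable(const char *name)
{
    char path[PATH_CAP];
    strcpy(path, name);                  /* no bound on the copy */
    return (int)strlen(path);
}

/* Hardened pattern: measure with a bound, refuse anything that does
 * not fit together with its terminator, then copy an explicit length.
 * Returns the copied length, or -1 with errno set to ENAMETOOLONG. */
int open_input_hardened(const char *name)
{
    char path[PATH_CAP];
    size_t n = bounded_len(name, PATH_CAP);
    if (n >= PATH_CAP) {                 /* no room left for the '\0' */
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(path, name, n);
    path[n] = '\0';
    return (int)n;
}

/* Pre-check a caller can apply before handing a name to any
 * fixed-capacity consumer: 1 if it fits in cap bytes, else 0. */
int filename_fits(const char *name, size_t cap)
{
    return bounded_len(name, cap) < cap;
}

/* Constructed sample input: a name of len 'A' bytes in a static buffer. */
const char *constructed_name(size_t len)
{
    static char buf[512];
    if (len >= sizeof buf)
        len = sizeof buf - 1;
    memset(buf, 'A', len);
    buf[len] = '\0';
    return buf;
}

int main(void)
{
    const char *ok = "doc.rtf";
    int rc;

    printf("fits(\"%s\")        = %d\n", ok, filename_fits(ok, PATH_CAP));
    printf("hardened(\"%s\")    = %d\n", ok, open_input_hardened(ok));
    printf("fits(299 x 'A')     = %d\n",
           filename_fits(constructed_name(299), PATH_CAP));
    rc = open_input_hardened(constructed_name(299));
    printf("hardened(299 x 'A') = %d (errno %d)\n", rc, errno);
    /* open_input_vulnerable(constructed_name(299)) would smash the stack. */
    return 0;
}
```

The boundary worth noting is PATH_CAP - 1: a 63-byte name is the longest the hardened version accepts, because the terminator needs the 64th byte, while the unbounded strcpy() already writes one byte past the buffer at exactly 64.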

Am I affected?

You're affected if you use GNU Unrtf v0.21.10, the only version the advisory names. To check the installed version, run unrtf --version in your terminal; on packaged systems, dpkg -s unrtf (Debian/Ubuntu) or rpm -q unrtf (RPM-based distributions) also reports it.

Note: This is a niche tool, and if you don't recognize the name, you're probably not affected.

Version info: The advisory names only v0.21.10; it gives no affected-version range and no fixed version.

Affected Products

GNU Project / GNU Unrtf

How to fix

The advisory lists no patched release (status: No Patch), so there is currently no version to upgrade to. Watch the upstream project for a fix: https://www.gnu.org/software/unrtf/ (the source is maintained in a Mercurial repository on GNU Savannah).

Immediate mitigations:

  • Do not pass untrusted filenames to unrtf. If a pipeline builds the argument from user input, enforce a short length limit and a strict character allowlist before invoking it.
  • Run unrtf in an isolated, resource-limited context (an unprivileged user, a container or sandbox, a timeout) so that a crash affects only that one conversion.
  • If you build from source, track the upstream Mercurial repository for a fix, since no patched release is listed.