CVE-2005-2972: Buffer Overflow
First published: Sun Oct 23 2005(Updated: )
Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Abisource Community Abiword | <=2.2.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://scary.beasts.org/security/CESA-2005-006.txt
- http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg28251.html
- http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml
- http://www.abisource.com/changelogs/2.2.11.phtml
- http://www.securityfocus.com/bid/15096
- http://www.osvdb.org/20015
- http://secunia.com/advisories/17199
- http://www.debian.org/security/2005/dsa-894
- http://secunia.com/advisories/17200
- http://secunia.com/advisories/17213
- http://secunia.com/advisories/17264
- http://secunia.com/advisories/17551
- http://www.vupen.com/english/advisories/2005/2086
- https://usn.ubuntu.com/203-1/
- http://www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg28251.html
- collector/nvd-historical
- vendor/abisource
- product/community abiword
- canonical/abisource community abiword
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- version/abisource community abiword/2.2.10