Vulnerability Description
Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Abisource | Community Abiword | <= 2.2.10 |
Related Weaknesses (CWE)
References
- http://scary.beasts.org/security/CESA-2005-006.txtExploitVendor Advisory
- http://secunia.com/advisories/17199Vendor Advisory
- http://secunia.com/advisories/17200Vendor Advisory
- http://secunia.com/advisories/17213Vendor Advisory
- http://secunia.com/advisories/17264Vendor Advisory
- http://secunia.com/advisories/17551Vendor Advisory
- http://www.abisource.com/changelogs/2.2.11.phtml
- http://www.debian.org/security/2005/dsa-894
- http://www.gentoo.org/security/en/glsa/glsa-200510-17.xmlPatchVendor Advisory
- http://www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg28251.html
- http://www.osvdb.org/20015
- http://www.securityfocus.com/bid/15096
- http://www.vupen.com/english/advisories/2005/2086Vendor Advisory
- https://usn.ubuntu.com/203-1/
- http://scary.beasts.org/security/CESA-2005-006.txtExploitVendor Advisory
FAQ
What is CVE-2005-2972?
CVE-2005-2972 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not pr...
How severe is CVE-2005-2972?
CVE-2005-2972 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2972?
Check the references section above for vendor advisories and patch information. Affected products include: Abisource Community Abiword.