Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964.
References
Link | Resource |
---|---|
http://scary.beasts.org/security/CESA-2005-006.txt | Exploit Vendor Advisory |
http://secunia.com/advisories/17199 | Vendor Advisory |
http://secunia.com/advisories/17200 | Vendor Advisory |
http://secunia.com/advisories/17213 | Vendor Advisory |
http://secunia.com/advisories/17264 | Vendor Advisory |
http://secunia.com/advisories/17551 | Vendor Advisory |
http://www.abisource.com/changelogs/2.2.11.phtml | |
http://www.debian.org/security/2005/dsa-894 | |
http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml | Patch Vendor Advisory |
http://www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg28251.html | |
http://www.osvdb.org/20015 | |
http://www.securityfocus.com/bid/15096 | |
http://www.vupen.com/english/advisories/2005/2086 | Vendor Advisory |
https://usn.ubuntu.com/203-1/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2005-10-23T04:00:00
Updated: 2018-10-03T20:57:01
Reserved: 2005-09-19T00:00:00
Link: CVE-2005-2972
JSON object: View
NVD Information
Status : Modified
Published: 2005-10-23T10:02:00.000
Modified: 2023-11-07T01:57:44.553
Link: CVE-2005-2972
JSON object: View
Redhat Information
No data.
CWE