CVE-2005-2972 - OpenCVE

Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Abisource	Community Abiword

Configuration 1 [-]

cpe:2.3:a:abisource:community_abiword:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://scary.beasts.org/security/CESA-2005-006.txt
http://secunia.com/advisories/17199
http://secunia.com/advisories/17200
http://secunia.com/advisories/17213
http://secunia.com/advisories/17264
http://secunia.com/advisories/17551
http://www.abisource.com/changelogs/2.2.11.phtml
http://www.debian.org/security/2005/dsa-894
http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml
http://www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg28251.html
http://www.osvdb.org/20015
http://www.securityfocus.com/bid/15096
http://www.vupen.com/english/advisories/2005/2086
https://usn.ubuntu.com/203-1/

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2005-10-23T04:00:00

Updated: 2024-08-07T22:53:29.907Z

Reserved: 2005-09-19T00:00:00

Link: CVE-2005-2972

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-10-23T10:02:00.000

Modified: 2023-11-07T01:57:44.553

Link: CVE-2005-2972

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-10-13T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "20015", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/20015"}, {"name": "ADV-2005-2086", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2086"}, {"name": "17199", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17199"}, {"name": "DSA-894", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2005/dsa-894"}, {"name": "USN-203-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/203-1/"}, {"name": "17551", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17551"}, {"name": "17264", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17264"}, {"tags": ["x_refsource_MISC"], "url": "http://www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg28251.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.abisource.com/changelogs/2.2.11.phtml"}, {"name": "17213", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17213"}, {"tags": ["x_refsource_MISC"], "url": "http://scary.beasts.org/security/CESA-2005-006.txt"}, {"name": "15096", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15096"}, {"name": "GLSA-200510-17", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml"}, {"name": "17200", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17200"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2005-2972", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20015", "refsource": "OSVDB", "url": "http://www.osvdb.org/20015"}, {"name": "ADV-2005-2086", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2086"}, {"name": "17199", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17199"}, {"name": "DSA-894", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-894"}, {"name": "USN-203-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/203-1/"}, {"name": "17551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17551"}, {"name": "17264", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17264"}, {"name": "http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg28251.html", "refsource": "MISC", "url": "http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg28251.html"}, {"name": "http://www.abisource.com/changelogs/2.2.11.phtml", "refsource": "CONFIRM", "url": "http://www.abisource.com/changelogs/2.2.11.phtml"}, {"name": "17213", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17213"}, {"name": "http://scary.beasts.org/security/CESA-2005-006.txt", "refsource": "MISC", "url": "http://scary.beasts.org/security/CESA-2005-006.txt"}, {"name": "15096", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15096"}, {"name": "GLSA-200510-17", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml"}, {"name": "17200", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17200"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T22:53:29.907Z"}, "title": "CVE Program Container", "references": [{"name": "20015", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/20015"}, {"name": "ADV-2005-2086", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2005/2086"}, {"name": "17199", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17199"}, {"name": "DSA-894", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2005/dsa-894"}, {"name": "USN-203-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/203-1/"}, {"name": "17551", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17551"}, {"name": "17264", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17264"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg28251.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.abisource.com/changelogs/2.2.11.phtml"}, {"name": "17213", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17213"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://scary.beasts.org/security/CESA-2005-006.txt"}, {"name": "15096", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/15096"}, {"name": "GLSA-200510-17", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml"}, {"name": "17200", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/17200"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-2972", "datePublished": "2005-10-23T04:00:00", "dateReserved": "2005-09-19T00:00:00", "dateUpdated": "2024-08-07T22:53:29.907Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abisource:community_abiword:*:*:*:*:*:*:*:*", "matchCriteriaId": "576159E7-70BC-45EB-8F7A-E60809AD1CE3", "versionEndIncluding": "2.2.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964."}], "id": "CVE-2005-2972", "lastModified": "2023-11-07T01:57:44.553", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2005-10-23T10:02:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Vendor Advisory"], "url": "http://scary.beasts.org/security/CESA-2005-006.txt"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17199"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17200"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17213"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17264"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17551"}, {"source": "secalert@redhat.com", "url": "http://www.abisource.com/changelogs/2.2.11.phtml"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2005/dsa-894"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml"}, {"source": "secalert@redhat.com", "url": "http://www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg28251.html"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/20015"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/15096"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2005/2086"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/203-1/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}