Stack-based buffer overflow in the separate_word function in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long word, as reachable through the separate_sentence function.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Abiword
  • Abiword Link Grammar
Link Grammar
  • Link Grammar

Configuration 1 [-]

AND
cpe:2.3:a:link_grammar:link_grammar:4.1b:*:*:*:*:*:*:*
cpe:2.3:a:abiword:abiword_link_grammar:4.2.4:*:*:*:*:*:*:*

No data.

References
Link Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=450695 cve-icon cve-icon
http://bugs.gentoo.org/show_bug.cgi?id=196803 cve-icon cve-icon
http://secunia.com/advisories/27300 cve-icon cve-icon
http://secunia.com/advisories/27340 cve-icon cve-icon
http://secunia.com/advisories/27631 cve-icon cve-icon
http://secunia.com/advisories/27702 cve-icon cve-icon
http://secunia.com/advisories/27783 cve-icon cve-icon
http://secunia.com/advisories/28101 cve-icon cve-icon
http://secunia.com/secunia_research/2007-78/advisory/ cve-icon cve-icon
http://secunia.com/secunia_research/2007-79/advisory/ cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200711-27.xml cve-icon cve-icon
http://www.debian.org/security/2007/dsa-1432 cve-icon cve-icon
http://www.securityfocus.com/archive/1/483368/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/483370/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/26365 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-545-1 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/3770 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/3771 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=371221 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/38317 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2007-5395 cve-icon
https://www.cve.org/CVERecord?id=CVE-2007-5395 cve-icon
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00411.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2007-11-08T02:00:00

Updated: 2024-08-07T15:31:57.813Z

Reserved: 2007-10-12T00:00:00

Link: CVE-2007-5395

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2007-11-08T02:46:00.000

Modified: 2018-10-15T21:44:18.123

Link: CVE-2007-5395

cve-icon Redhat

Severity : Important

Publid Date: 2007-11-07T00:00:00Z

Links: CVE-2007-5395 - Bugzilla