CVE-2005-2964 : Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute

Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism.

Published 2005-09-28 21:03:00

Updated 2025-04-03 01:03:51

Source Debian GNU/Linux

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2005-2964

Abisource » Community Abiword
Versions up to, including, (<=) 2.2.9
cpe:2.3:a:abisource:community_abiword:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-2964

EPSS FAQ

2.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-2964

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2005-2964

http://secunia.com/advisories/17070

About Secunia Research | Flexera

CVEs referencing this url
http://www.ubuntu.com/usn/usn-188-1

USN-188-1: AbiWord vulnerability | Ubuntu security notices | Ubuntu
http://secunia.com/advisories/17551

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/16982

About Secunia Research | Flexera
http://secunia.com/advisories/17052

About Secunia Research | Flexera
http://securitytracker.com/id?1014982

Access Denied
http://secunia.com/advisories/17215

About Secunia Research | Flexera

CVEs referencing this url
http://www.debian.org/security/2005/dsa-894

[SECURITY] [DSA 894-1] New AbiWord packages fix arbitrary code execution

CVEs referencing this url
http://secunia.com/advisories/16990

About Secunia Research | Flexera
http://www.abiword.org/release-notes/2.2.10.phtml

Patch
http://www.gentoo.org/security/en/glsa/glsa-200509-20.xml

AbiWord: RTF import stack-based buffer overflow (GLSA 200509-20) — Gentoo security
http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml

Texinfo: Insecure temporary file creation (GLSA 200510-04) — Gentoo security

CVEs referencing this url
http://www.novell.com/linux/security/advisories/2005_23_sr.html

404 Page Not Found | SUSE

CVEs referencing this url
http://www.securityfocus.com/bid/14971
http://secunia.com/advisories/17012

About Secunia Research | Flexera
https://exchange.xforce.ibmcloud.com/vulnerabilities/22454

AbiWord RTF Importer buffer overflow CVE-2005-2972 Vulnerability Report
http://www.osvdb.org/19717

404 Not Found

Jump to

Vulnerability Details : CVE-2005-2964

Products affected by CVE-2005-2964

Exploit prediction scoring system (EPSS) score for CVE-2005-2964

CVSS scores for CVE-2005-2964

References for CVE-2005-2964