Vulnerability Details : CVE-2007-5395
Stack-based buffer overflow in the separate_word function in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long word, as reachable through the separate_sentence function.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2007-5395
- cpe:2.3:a:abiword:abiword_link_grammar:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:link_grammar:link_grammar:4.1b:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-5395
- 26.84%: Probability of exploitation activity in the next 30 days
- ~97%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-5395
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2007-5395
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5395
- http://www.vupen.com/english/advisories/2007/3771
  Site under construction
- http://www.securityfocus.com/archive/1/483368/100/0/threaded
- http://www.vupen.com/english/advisories/2007/3770
  Site under construction
- http://www.securityfocus.com/bid/26365
- http://www.ubuntu.com/usn/usn-545-1
  USN-545-1: link-grammar vulnerability | Ubuntu security notices | Ubuntu
- http://security.gentoo.org/glsa/glsa-200711-27.xml
  Link Grammar: User-assisted execution of arbitrary code (GLSA 200711-27) — Gentoo security
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00411.html
  [SECURITY] Fedora 7 Update: link-grammar-4.2.5-1.fc7
- http://www.securityfocus.com/archive/1/483370/100/0/threaded
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=450695
  #450695 - CVE-2007-5395 arbitrary code execution via crafted file - Debian Bug report logs
- http://bugs.gentoo.org/show_bug.cgi?id=196803
  196803 – dev-libs/link-grammar: buffer overflow in tokenize.c (separate_word()) (CVE-2007-5395)
- http://www.debian.org/security/2007/dsa-1432
  [SECURITY] [DSA 1432-1] New link-grammar packages fix execution of code
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38317
  AbiWord Link Grammar and Link Grammar separate_sentence() buffer overflow CVE-2007-5395 Vulnerability Report
- https://bugzilla.redhat.com/show_bug.cgi?id=371221
  371221 – (CVE-2007-5395) CVE-2007-5395 link-grammar buffer overflow in tokenize.c