NotCVE - vendor:"Abisource" product:"Community Abiword" version:" <= 2.2.10"

3 results (0.003 seconds)

CVSS: 5.1EPSS: 1%CPEs: 1EXPL: 1

CVE-2005-2972

https://notcve.org/view.php?id=CVE-2005-2972

Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964. • http://scary.beasts.org/security/CESA-2005-006.txt http://secunia.com/advisories/17199 http://secunia.com/advisories/17200 http://secunia.com/advisories/17213 http://secunia.com/advisories/17264 http://secunia.com/advisories/17551 http://www.abisource.com/changelogs/2.2.11.phtml http://www.debian.org/security/2005/dsa-894 http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml http://www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg28251.html http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

CVE-2005-2964

https://notcve.org/view.php?id=CVE-2005-2964

Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism. • http://secunia.com/advisories/16982 http://secunia.com/advisories/16990 http://secunia.com/advisories/17012 http://secunia.com/advisories/17052 http://secunia.com/advisories/17070 http://secunia.com/advisories/17215 http://secunia.com/advisories/17551 http://securitytracker.com/id?1014982 http://www.abiword.org/release-notes/2.2.10.phtml http://www.debian.org/security/2005/dsa-894 http://www.gentoo.org/security/en/glsa/glsa-200509-20.xml http://www.gentoo.org/ •

CVSS: 10.0EPSS: 9%CPEs: 9EXPL: 1

CVE-2004-0645

https://notcve.org/view.php?id=CVE-2004-0645

Buffer overflow in the wvHandleDateTimePicture function in wv library (wvWare) 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field. Desbordamiento de búfer en la función wvHandleDateTimePicture en la librería wv (wvWare) 0.7.4 a 0.7.6 y 1.0.0 permite a atacantes remotos ejecutar código de su elección mediante un documento con un campo DateTime largo. • http://cpan.cybercomm.nl/pub/gentoo-portage/app-text/wv/files/wv-1.0.0-fix_overflow.patch http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000863 http://security.gentoo.org/glsa/glsa-200407-11.xml http://www.debian.org/security/2004/dsa-579 http://www.freebsd.org/ports/portaudit/7a5430df-d562-11d8-b479-02e0185c0b53.html http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:077 •