{"api_version":"1","generated_at":"2026-04-23T15:08:32+00:00","cve":"CVE-2005-2972","urls":{"html":"https://cve.report/CVE-2005-2972","api":"https://cve.report/api/cve/CVE-2005-2972.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2005-2972","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2005-2972"},"summary":{"title":"CVE-2005-2972","description":"Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964.","state":"PUBLISHED","assigner":"redhat","published_at":"2005-10-23 10:02:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["CWE-119","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5.1","severity":"","vector":"AV:N/AC:H/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P","baseScore":5.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://scary.beasts.org/security/CESA-2005-006.txt","name":"http://scary.beasts.org/security/CESA-2005-006.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/20015","name":"http://www.osvdb.org/20015","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://secunia.com/advisories/17213","name":"http://secunia.com/advisories/17213","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Secunia - Advisories - Fedora update for abiword","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/203-1/","name":"https://usn.ubuntu.com/203-1/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"USN-203-1: Abiword vulnerabilities | Ubuntu security notices","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.abisource.com/changelogs/2.2.11.phtml","name":"http://www.abisource.com/changelogs/2.2.11.phtml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"AbiWord v2.2.11 ChangeLog","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/15096","name":"http://www.securityfocus.com/bid/15096","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"AbiWord Stack-Based Buffer Overflow Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/17551","name":"http://secunia.com/advisories/17551","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Debian update for abiword - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg28251.html","name":"http://www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg28251.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Bug#333740: abiword: [CAN-2005-2972] More RTF import buffer overflows","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2005/2086","name":"http://www.vupen.com/english/advisories/2005/2086","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/17199","name":"http://secunia.com/advisories/17199","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Secunia - Advisories - AbiWord RTF Importer Buffer Overflow Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2005/dsa-894","name":"http://www.debian.org/security/2005/dsa-894","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Debian -- Security Information -- DSA-894-1 abiword","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml","name":"http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Gentoo Linux Documentation\n--\n  AbiWord: New RTF import buffer overflows","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/17200","name":"http://secunia.com/advisories/17200","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Secunia - Advisories - Ubuntu update for abiword","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/17264","name":"http://secunia.com/advisories/17264","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Secunia - Advisories - Gentoo update for abiword","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg28251.html","name":"MISC:http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg28251.html","refsource":"MITRE","tags":[],"title":"Bug#333740: abiword: [CAN-2005-2972] More RTF import buffer overflows","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2005-2972","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-2972","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2005","cve_id":"2972","vulnerable":"1","versionEndIncluding":"2.2.10","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"abisource","cpe5":"community_abiword","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T22:53:29.907Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"20015","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/20015"},{"name":"ADV-2005-2086","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2005/2086"},{"name":"17199","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/17199"},{"name":"DSA-894","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2005/dsa-894"},{"name":"USN-203-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"https://usn.ubuntu.com/203-1/"},{"name":"17551","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/17551"},{"name":"17264","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/17264"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg28251.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.abisource.com/changelogs/2.2.11.phtml"},{"name":"17213","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/17213"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://scary.beasts.org/security/CESA-2005-006.txt"},{"name":"15096","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/15096"},{"name":"GLSA-200510-17","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml"},{"name":"17200","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/17200"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2005-10-13T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-03T20:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"20015","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/20015"},{"name":"ADV-2005-2086","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2005/2086"},{"name":"17199","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/17199"},{"name":"DSA-894","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2005/dsa-894"},{"name":"USN-203-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"https://usn.ubuntu.com/203-1/"},{"name":"17551","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/17551"},{"name":"17264","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/17264"},{"tags":["x_refsource_MISC"],"url":"http://www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg28251.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.abisource.com/changelogs/2.2.11.phtml"},{"name":"17213","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/17213"},{"tags":["x_refsource_MISC"],"url":"http://scary.beasts.org/security/CESA-2005-006.txt"},{"name":"15096","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/15096"},{"name":"GLSA-200510-17","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml"},{"name":"17200","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/17200"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2005-2972","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20015","refsource":"OSVDB","url":"http://www.osvdb.org/20015"},{"name":"ADV-2005-2086","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2005/2086"},{"name":"17199","refsource":"SECUNIA","url":"http://secunia.com/advisories/17199"},{"name":"DSA-894","refsource":"DEBIAN","url":"http://www.debian.org/security/2005/dsa-894"},{"name":"USN-203-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/203-1/"},{"name":"17551","refsource":"SECUNIA","url":"http://secunia.com/advisories/17551"},{"name":"17264","refsource":"SECUNIA","url":"http://secunia.com/advisories/17264"},{"name":"http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg28251.html","refsource":"MISC","url":"http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg28251.html"},{"name":"http://www.abisource.com/changelogs/2.2.11.phtml","refsource":"CONFIRM","url":"http://www.abisource.com/changelogs/2.2.11.phtml"},{"name":"17213","refsource":"SECUNIA","url":"http://secunia.com/advisories/17213"},{"name":"http://scary.beasts.org/security/CESA-2005-006.txt","refsource":"MISC","url":"http://scary.beasts.org/security/CESA-2005-006.txt"},{"name":"15096","refsource":"BID","url":"http://www.securityfocus.com/bid/15096"},{"name":"GLSA-200510-17","refsource":"GENTOO","url":"http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml"},{"name":"17200","refsource":"SECUNIA","url":"http://secunia.com/advisories/17200"}]}}}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2005-2972","datePublished":"2005-10-23T04:00:00.000Z","dateReserved":"2005-09-19T00:00:00.000Z","dateUpdated":"2024-08-07T22:53:29.907Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2005-10-23 10:02:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["CWE-119","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P","baseScore":5.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":true,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:abisource:community_abiword:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.10","matchCriteriaId":"576159E7-70BC-45EB-8F7A-E60809AD1CE3"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2005","CveId":"2972","Ordinal":"1","Title":"CVE-2005-2972","CVE":"CVE-2005-2972","Year":"2005"},"notes":[{"CveYear":"2005","CveId":"2972","Ordinal":"1","NoteData":"Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964.","Type":"Description","Title":"CVE-2005-2972"},{"CveYear":"2005","CveId":"2972","Ordinal":"2","NoteData":"2005-10-23","Type":"Other","Title":"Published"},{"CveYear":"2005","CveId":"2972","Ordinal":"3","NoteData":"2018-10-03","Type":"Other","Title":"Modified"}]}}}