FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

abiword, koffice -- stack based buffer overflow vulnerabilities

Affected packages
1.2.0 < koffice < 1.4.1_1,1
abiword < 2.2.11

Details

VuXML ID 9cd52bc6-a213-11da-b410-000e0c2e438a
Discovery 2005-10-14
Entry 2006-02-20
Modified 2006-02-20

Chris Evans reports that AbiWord is vulnerable to multiple stack-based buffer overflow vulnerabilities. This is caused by improper checking of the user-supplied data before it is being copied to an too small buffer. The vulnerability is triggered when someone is importing RTF files.

References

Bugtraq ID 15096
CVE Name CAN-2005-2972
URL http://scary.beasts.org/security/CESA-2005-006.txt
URL http://www.abisource.com/changelogs/2.2.11.phtml
URL http://www.kde.org/info/security/advisory-20051011-1.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.