Bug 170413

Summary: CAN-2005-2964 AbiWord RTF File Processing Buffer Overflow
Product: [Retired] Fedora Legacy Reporter: John Dalbec <jpdalbec>
Component: abiwordAssignee: Fedora Legacy Bugs <bugs>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rhl7.3   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
URL: http://www.abisource.com/changelogs/2.2.10.phtml
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-08-30 19:57:10 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description John Dalbec 2005-10-11 14:14:42 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20050729 Netscape/8.0.3.3

Description of problem:
05.40.21 CVE: CAN-2005-2964
Platform: Cross Platform
Title: AbiWord RTF File Processing Buffer Overflow
Description: AbiWord is an open source word processor. It is
susceptible to a buffer overflow vulnerability. This issue presents
itself when RTF files are imported into AbiWord. When the affected
application attempts to process malicious RTF files, a buffer may be
overwritten, resulting in the attacker being able to modify critical
memory control structures. AbiWord versions 2.0.1 through 2.2.9 are
vulnerable.
Ref: http://www.abisource.com/changelogs/2.2.10.phtml

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:
Comment 1 John Dalbec 2005-11-29 14:09:05 UTC 
05.42.20 CVE: CAN-2005-2972
Platform: Cross Platform
Title: AbiWord Stack-Based Buffer Overflow Vulnerabilities
Description: AbiWord is a word processor available for multiple
operating systems.It is susceptible to multiple stack-based buffer
overflow vulnerabilities that are caused by failure of the application
to properly do bounds check on user-supplied data when RTF (Rich Text
Files) files are imported into AbiWord. For a list of vulnerable
versions, please visit the reference link provided.
Ref: http://www.securityfocus.com/bid/15096
Comment 2 Jesse Keating 2007-08-30 19:57:10 UTC 
Fedora Legacy project has ended.  These will not be fixed by Fedora Legacy.