Unrated severityNVD Advisory· Published Oct 23, 2005· Updated Apr 16, 2026

CVE-2005-2972

Description

Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964.

Affected products

Abisource/Community Abiword
cpe:2.3:a:abisource:community_abiword:*:*:*:*:*:*:*:*
Range: <=2.2.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.gentoo.org/security/en/glsa/glsa-200510-17.xmlnvdPatchVendor Advisory
scary.beasts.org/security/CESA-2005-006.txtnvdExploitVendor Advisory
secunia.com/advisories/17199nvdVendor Advisory
secunia.com/advisories/17200nvdVendor Advisory
secunia.com/advisories/17213nvdVendor Advisory
secunia.com/advisories/17264nvdVendor Advisory
secunia.com/advisories/17551nvdVendor Advisory
www.vupen.com/english/advisories/2005/2086nvdVendor Advisory
www.abisource.com/changelogs/2.2.11.phtmlnvd
www.debian.org/security/2005/dsa-894nvd
www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg28251.htmlnvd
www.osvdb.org/20015nvd
www.securityfocus.com/bid/15096nvd
usn.ubuntu.com/203-1/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000