10

CVE-2008-3533

Exploit

EPSS 12.74%
Published 18.08.2008 17:41:00
Last modified 09.04.2025 00:30:58
Source security@ubuntu.com
Teams watchlist Login
Open Login

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.

Affected products Warnungen 0 Metrics 2 CWE 1 References 17

Data is provided by the National Vulnerability Database (NVD)

Gnome ≫ Yelp Version < 2.24

Gnome ≫ Gnome Version2.20

Gnome ≫ Gnome Version2.22

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	12.74%	0.933

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html

Third Party Advisory

Mailing List

http://bugzilla.gnome.org/attachment.cgi?id=115890

Exploit

Issue Tracking

http://bugzilla.gnome.org/show_bug.cgi?id=546364

Patch

Exploit

Issue Tracking

http://secunia.com/advisories/31465

Vendor Advisory

http://secunia.com/advisories/31620

Vendor Advisory

http://secunia.com/advisories/31834

Vendor Advisory

http://secunia.com/advisories/32629

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:175

Product

http://www.securityfocus.com/bid/30690

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/usn-638-1

Third Party Advisory

http://www.vupen.com/english/advisories/2008/2393

Broken Link

https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860

Patch

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/44449

VDB Entry

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2008-3533

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3533

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3533

EUVD