10
CVE-2008-3533
- EPSS 19.4%
- Veröffentlicht 18.08.2008 17:41:00
- Zuletzt bearbeitet 16.06.2026 22:56:00
- Quelle security@ubuntu.com
- CVE-Watchlists
- Unerledigt
Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 19.4% | 0.97 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
http://bugzilla.gnome.org/attachment.cgi?id=115890
http://bugzilla.gnome.org/show_bug.cgi?id=546364
http://secunia.com/advisories/31465
http://secunia.com/advisories/31620
http://secunia.com/advisories/31834
http://secunia.com/advisories/32629
http://www.mandriva.com/security/advisories?name=MDVSA-2008:175
http://www.securityfocus.com/bid/30690
http://www.ubuntu.com/usn/usn-638-1
http://www.vupen.com/english/advisories/2008/2393
https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860
https://exchange.xforce.ibmcloud.com/vulnerabilities/44449
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html