Vulnerability in Gnome

CVE-2008-3533

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line…

EPSS: 0.194 (97.0th percentile) — read the EPSS interpretation.

Affected products

Gnome — versions 2.20, 2.22
Gnome Yelp
N/a — versions n/a

Weakness classification (CWE)

CWE-134 — Use of Externally-Controlled Format String

References

security@ubuntu.com (x_refsource_CONFIRM, Exploit, Issue Tracking)
security@ubuntu.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
security@ubuntu.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
security@ubuntu.com (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
security@ubuntu.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
security@ubuntu.com (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
security@ubuntu.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
security@ubuntu.com (VDB Entry, vdb-entry, x_refsource_XF)
security@ubuntu.com (x_refsource_CONFIRM, Exploit, Patch)
security@ubuntu.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)