CVE-2008-3533

EUVD-2008-3519
Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
gnomeyelp
𝑥
< 2.24
gnomegnome
2.20
gnomegnome
2.22
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
yelp
bookworm
42.2-1
fixed
bullseye
3.38.3-1
fixed
etch
not-affected
sid
42.2-1
fixed
trixie
42.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
yelp
dapper
not-affected
feisty
not-affected
gutsy
Fixed 2.20.0-0ubuntu3.1
released
hardy
Fixed 2.22.1-0ubuntu2.8.04.3
released
Common Weakness Enumeration
References
http://bugzilla.gnome.org/attachment.cgi?id=115890
http://bugzilla.gnome.org/show_bug.cgi?id=546364
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
http://secunia.com/advisories/31465
http://secunia.com/advisories/31620
http://secunia.com/advisories/31834
http://secunia.com/advisories/32629
http://www.mandriva.com/security/advisories?name=MDVSA-2008:175
http://www.securityfocus.com/bid/30690
http://www.ubuntu.com/usn/usn-638-1
http://www.vupen.com/english/advisories/2008/2393
https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860
https://exchange.xforce.ibmcloud.com/vulnerabilities/44449
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html
http://bugzilla.gnome.org/attachment.cgi?id=115890
http://bugzilla.gnome.org/show_bug.cgi?id=546364
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
http://secunia.com/advisories/31465
http://secunia.com/advisories/31620
http://secunia.com/advisories/31834
http://secunia.com/advisories/32629
http://www.mandriva.com/security/advisories?name=MDVSA-2008:175
http://www.securityfocus.com/bid/30690
http://www.ubuntu.com/usn/usn-638-1
http://www.vupen.com/english/advisories/2008/2393
https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860
https://exchange.xforce.ibmcloud.com/vulnerabilities/44449
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html