CVE-2008-3533

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 10 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:C/I:C/A:C
canonical | CNA | --- | ---
CVE | ADP | --- | ---
EPSS Score Percentile: 93%
Vendor | Product | Version
gnome | yelp | 𝑥 < 2.24
gnome | gnome | 2.20
gnome | gnome | 2.22
𝑥 = Vulnerable software versions
Debian Releases
Debian Product | Codename | Version | Status
yelp | bullseye | 3.38.3-1 | fixed
yelp | etch | | not-affected
yelp | sid | 42.2-1 | fixed
yelp | trixie | 42.2-1 | fixed
yelp | bookworm | 42.2-1 | fixed
Ubuntu Releases
Ubuntu Product | Codename | Version | Status
yelp | hardy | Fixed 2.22.1-0ubuntu2.8.04.3 | released
yelp | gutsy | Fixed 2.20.0-0ubuntu3.1 | released
yelp | feisty | | not-affected
yelp | dapper | | not-affected