CVE-2008-3971

Heap-based buffer overflow in the open_man_file function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion.  NOTE: another overflow was reported using a configuration file, but that vector does not have a scenario that crosses privilege boundaries.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
gmanedit2gmanedit
0.4.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gmanedit
sid
0.4.2-8
fixed
bookworm
0.4.2-8
fixed
bullseye
0.4.2-8
fixed
etch
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gmanedit
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
dne
gutsy
ignored
feisty
ignored
dapper
ignored
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497835
http://www.openwall.com/lists/oss-security/2008/09/06/2
http://www.openwall.com/lists/oss-security/2008/09/09/13
http://www.openwall.com/lists/oss-security/2008/09/09/19
http://www.securityfocus.com/bid/31040
https://exchange.xforce.ibmcloud.com/vulnerabilities/44962
https://exchange.xforce.ibmcloud.com/vulnerabilities/44963
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497835
http://www.openwall.com/lists/oss-security/2008/09/06/2
http://www.openwall.com/lists/oss-security/2008/09/09/13
http://www.openwall.com/lists/oss-security/2008/09/09/19
http://www.securityfocus.com/bid/31040
https://exchange.xforce.ibmcloud.com/vulnerabilities/44962
https://exchange.xforce.ibmcloud.com/vulnerabilities/44963