CyberSec.Space Logo
Back to CVE Browser

CVE-2008-3533

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1630%
EPSS Percentile42.32th
PublishedAug 18, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.

Affected Platforms (CPE)

πŸ“¦
Gnome

Yelp

< 2.24
πŸ“¦
Gnome

Gnome

= 2.20
πŸ“¦
Gnome

Gnome

= 2.22

References & Advisories

πŸ”— http://bugzilla.gnome.org/attachment.cgi?id=115890
πŸ”— http://bugzilla.gnome.org/show_bug.cgi?id=546364
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
πŸ”— http://secunia.com/advisories/31465
πŸ”— http://secunia.com/advisories/31620
πŸ”— http://secunia.com/advisories/31834
πŸ”— http://secunia.com/advisories/32629
πŸ”— http://www.mandriva.com/security/advisories?name=MDVSA-2008:175

Related Vulnerabilities

CVE-2018-104067.8

An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...