返回 CVE 瀏覽器

CVE-2008-3533

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1630%

EPSS Percentile42.32th

Published2008年8月18日

Last Modified2026年4月23日

Vulnerability Description

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.

Affected Platforms (CPE)

📦

Gnome

Yelp

< 2.24

📦

Gnome

Gnome

= 2.20

📦

Gnome

Gnome

= 2.22

References & Advisories

🔗 http://bugzilla.gnome.org/attachment.cgi?id=115890

🔗 http://bugzilla.gnome.org/show_bug.cgi?id=546364

🔗 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html

🔗 http://secunia.com/advisories/31465

🔗 http://secunia.com/advisories/31620

🔗 http://secunia.com/advisories/31834

🔗 http://secunia.com/advisories/32629

🔗 http://www.mandriva.com/security/advisories?name=MDVSA-2008:175

相關漏洞威脅

CVE-2018-104067.8

An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks...

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...