HIGH🇵🇱 Wersja polska

CVE-2008-3533

CVSS 10.0v2.0pub. 2008-08-18upd. 2026-04-23

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Gnome

    APP
    Gnome
    2.202.22
  • Gnome Yelp

    APP
    Gnome
    < 2.24
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-3155HIGH7.4ten sam produkt

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary script...

CVE-2015-7216MEDIUM6.8ten sam produkt

The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the J...

CVE-2015-7217MEDIUM4.3ten sam produkt

The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the T...

CVE-2009-1276LOW2.1ten sam produkt

XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, al...

CVE-2022-1736CRITICAL9.8PL ✓ten sam vendor

Domyślnie włączone Remote Desktop Sharing w Ubuntu (gnome-control-center)