CVE-2007-2027

NameCVE-2007-2027
DescriptionUntrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs417789

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
elinks (PTS)buster0.13~20190125-3fixed
bookworm, sid, bullseye0.13.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
elinkssource(unstable)0.11.1-1.4low417789

Notes

[sarge] - elinks <no-dsa> (Hardly exploitable)
[etch] - elinks <no-dsa> (Hardly exploitable)
Unrealistic attack vector, no evidence code injection is possible

Search for package or bug name: Reporting problems