CVE-2008-3533

NameCVE-2008-3533
DescriptionFormat string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDTSA-154-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
yelp (PTS)buster3.31.90-1fixed
bullseye3.38.3-1fixed
sid, trixie, bookworm42.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
yelpsourceetch(not affected)
yelpsourcelenny2.22.1-3+lenny2DTSA-154-1
yelpsource(unstable)2.22.1-4low

Notes

[etch] - yelp <not-affected> (Vulnerable code not present)
Search for package or bug name: Reporting problems