CVE-2008-3533

Publication date 18 August 2008

Last updated 24 July 2024

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
yelp	8.04 LTS hardy	Fixed 2.22.1-0ubuntu2.8.04.3
	7.10 gutsy	Fixed 2.20.0-0ubuntu3.1
	7.04 feisty	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-638-1
Yelp vulnerability
27 August 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2008-3533