CVE-2008-3971
Severity:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
11/09/2008
Last modified:
08/08/2017
Description
Heap-based buffer overflow in the open_man_file function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported using a configuration file, but that vector does not have a scenario that crosses privilege boundaries.
Impact
Base Score 2.0
9.30
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:gmanedit2:gmanedit:0.4.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497835
- http://www.openwall.com/lists/oss-security/2008/09/06/2
- http://www.openwall.com/lists/oss-security/2008/09/09/13
- http://www.openwall.com/lists/oss-security/2008/09/09/19
- http://www.securityfocus.com/bid/31040
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44962
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44963