Back to search
CVE-2007-2027
Published: Apr 13, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
25550
third-party-advisory
x_refsource_SECUNIA
2007-0017
vendor-advisory
x_refsource_TRUSTIX
USN-457-1
vendor-advisory
x_refsource_UBUNTU
25198
third-party-advisory
x_refsource_SECUNIA
ADV-2007-1686
vdb-entry
x_refsource_VUPEN
35668
vdb-entry
x_refsource_OSVDB
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411
x_refsource_CONFIRM
oval:org.mitre.oval:def:9741
vdb-entry
signature
x_refsource_OVAL
23844
vdb-entry
x_refsource_BID
25169
third-party-advisory
x_refsource_SECUNIA
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417789
x_refsource_CONFIRM
25255
third-party-advisory
x_refsource_SECUNIA
GLSA-200706-03
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now