VYPR
Unrated severityNVD Advisory· Published Apr 13, 2007· Updated Jun 16, 2026

CVE-2007-2027

CVE-2007-2027

Description

Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Elinks/Elinks2 versions
    cpe:2.3:a:elinks:elinks:0.11.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:elinks:elinks:0.11.1:*:*:*:*:*:*:*
    • (no CPE)range: =0.11.1

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.