Unrated severityNVD Advisory· Published Aug 18, 2008· Updated Apr 23, 2026

CVE-2008-3533

Description

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.

Affected products

GNOME Foundation/Yelp
cpe:2.3:a:gnome:yelp:*:*:*:*:*:*:*:*
Range: <2.24
GNOME Foundation/Gnome2 versions
cpe:2.3:a:gnome:gnome:2.20:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gnome:gnome:2.20:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:gnome:2.22:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.gnome.org/attachment.cginvdExploitIssue Tracking
bugzilla.gnome.org/show_bug.cginvdExploitIssue TrackingPatch
bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860nvdExploitPatch
lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.htmlnvdMailing ListThird Party Advisory
secunia.com/advisories/31465nvdVendor Advisory
secunia.com/advisories/31620nvdVendor Advisory
secunia.com/advisories/31834nvdVendor Advisory
secunia.com/advisories/32629nvdVendor Advisory
www.securityfocus.com/bid/30690nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/usn-638-1nvdThird Party Advisory
www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.htmlnvdMailing ListThird Party Advisory
www.mandriva.com/security/advisoriesnvdProduct
www.vupen.com/english/advisories/2008/2393nvdBroken Link
exchange.xforce.ibmcloud.com/vulnerabilities/44449nvdVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.011
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000