Unrated severityNVD Advisory· Published Aug 5, 2010· Updated Apr 29, 2026
CVE-2010-2713
CVE-2010-2713
Description
The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.
Affected products
10cpe:2.3:a:nalin_dahyabhai:vte:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:nalin_dahyabhai:vte:*:*:*:*:*:*:*:*range: <=0.25.1
- cpe:2.3:a:nalin_dahyabhai:vte:0.11.21:*:*:*:*:*:*:*
- cpe:2.3:a:nalin_dahyabhai:vte:0.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:nalin_dahyabhai:vte:0.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:nalin_dahyabhai:vte:0.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:nalin_dahyabhai:vte:0.16.14:*:*:*:*:*:*:*
- cpe:2.3:a:nalin_dahyabhai:vte:0.17.4:*:*:*:*:*:*:*
- cpe:2.3:a:nalin_dahyabhai:vte:0.20.5:*:*:*:*:*:*:*
- cpe:2.3:a:nalin_dahyabhai:vte:0.22.5:*:*:*:*:*:*:*
- cpe:2.3:a:nalin_dahyabhai:vte:0.24.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- git.gnome.org/browse/vte/commit/nvdExploitPatch
- secunia.com/advisories/40635nvdVendor Advisory
- www.vupen.com/english/advisories/2010/1839nvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.htmlnvd
- www.securityfocus.com/bid/41716nvd
- www.ubuntu.com/usn/usn-962-1nvd
- bugzilla.redhat.com/show_bug.cginvd
News mentions
0No linked articles in our index yet.