Vulnerability Details : CVE-2008-3971
Heap-based buffer overflow in the open_man_file function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported using a configuration file, but that vector does not have a scenario that crosses privilege boundaries.
Vulnerability category: OverflowExecute code
Products affected by CVE-2008-3971
- cpe:2.3:a:gmanedit2:gmanedit:0.4.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3971
9.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-3971
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2008-3971
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-3971
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/44962
Gnome Manual Pages Editor (gmanedit) ReadConfFromFile() function buffer overflow undefined Vulnerability Report
-
http://www.openwall.com/lists/oss-security/2008/09/09/13
oss-security - Re: CVE id requests: gmanedit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/44963
Gnome Manual Pages Editor (gmanedit) open_man_file() function buffer overflow CVE-2008-3971 Vulnerability Report
-
http://www.openwall.com/lists/oss-security/2008/09/06/2
oss-security - CVE id requests: gmanedit
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497835
#497835 - gmanedit: CVE-2008-3971 buffer overflow when converting manpage to utf8 - Debian Bug report logsExploit
-
http://www.securityfocus.com/bid/31040
-
http://www.openwall.com/lists/oss-security/2008/09/09/19
oss-security - Re: CVE id requests: gmanedit
Jump to