CVE-2005-1686
published 2005-05-20

Priority: P4, 16, low, 2.6 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 7.66% (93.8th percentile)

Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.

Affected

6 ranges
Vendor  Product  Version range                Fixed in
debian  gedit    < gedit 2.10.3-1 (bookworm)  gedit 2.10.3-1 (bookworm)
gnome   gedit
gnome   gedit    >= 0 < 2.10.3-1              2.10.3-1
gnome   gedit    >= 0 < 2.10.3-1              2.10.3-1
gnome   gedit    >= 0 < 2.10.3-1              2.10.3-1
gnome   gedit    >= 0 < 2.10.3-1              2.10.3-1

CVSS provenance

nvd            v2.0  2.6  LOW  AV:N/AC:H/Au:N/C:N/I:N/A:P
osv                  2.6  LOW
vendor_debian        2.6  LOW
vendor_redhat        2.6  LOW