CVE-2005-1686
published 2005-05-20CVE-2005-1686: Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers…
PriorityP416low2.6CVSS 2.0
AVNACHAuNCNINAP
EXPLOIT
EPSS
7.66%
93.8th percentile
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gedit | < gedit 2.10.3-1 (bookworm) | gedit 2.10.3-1 (bookworm) |
| gnome | gedit | — | — |
| gnome | gedit | >= 0 < 2.10.3-1 | 2.10.3-1 |
| gnome | gedit | >= 0 < 2.10.3-1 | 2.10.3-1 |
| gnome | gedit | >= 0 < 2.10.3-1 | 2.10.3-1 |
| gnome | gedit | >= 0 < 2.10.3-1 | 2.10.3-1 |
CVSS provenance
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:N/I:N/A:P
osv2.6LOW
vendor_debian2.6LOW
vendor_redhat2.6LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r7hv-4wrp-wf62: Format string vulnerability in gedit 2
ghsa_unreviewed·2022-05-01
CVE-2005-1686 [LOW] GHSA-r7hv-4wrp-wf62: Format string vulnerability in gedit 2
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
OSV
CVE-2005-1686: Format string vulnerability in gedit 2
osv·2005-05-20·CVSS 2.6
CVE-2005-1686 [LOW] CVE-2005-1686: Format string vulnerability in gedit 2
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
Ubuntu
gedit vulnerability
vendor_ubuntu·2005-06-09
CVE-2005-1686 gedit vulnerability
Title: gedit vulnerability
Summary: gedit vulnerability
A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user.
This becomes security relevant if e. g. your web browser is configued
to open URLs in gedit. If you never open untrusted file names or URLs
in gedit, this flaw does not affect you.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2005-05-20·CVSS 2.6
CVE-2005-1686 [LOW] security flaw
security flaw
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
Debian
CVE-2005-1686: gedit - Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denia...
vendor_debian·2005·CVSS 2.6
CVE-2005-1686 [LOW] CVE-2005-1686: gedit - Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denia...
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
Scope: local
bookworm: resolved (fixed in 2.10.3-1)
bullseye: resolved (fixed in 2.10.3-1)
forky: resolved (fixed in 2.10.3-1)
sid: resolved (fixed in 2.10.3-1)
trixie: resolved (fixed in 2.10.3-1)
No detection rules found.
http://marc.info/?l=bugtraq&m=111661117701398&w=2http://security.gentoo.org/glsa/glsa-200506-09.xmlhttp://www.debian.org/security/2005/dsa-753http://www.novell.com/linux/security/advisories/2005_36_sudo.htmlhttp://www.redhat.com/support/errata/RHSA-2005-499.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1245https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9845https://usn.ubuntu.com/138-1/http://marc.info/?l=bugtraq&m=111661117701398&w=2http://security.gentoo.org/glsa/glsa-200506-09.xmlhttp://www.debian.org/security/2005/dsa-753http://www.novell.com/linux/security/advisories/2005_36_sudo.htmlhttp://www.redhat.com/support/errata/RHSA-2005-499.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1245https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9845https://usn.ubuntu.com/138-1/
2005-05-20
Published