CVE-2008-3533
published 2008-08-18

CVE-2008-3533: Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute…

Priority: P263, critical, 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 19.39% (97.0th percentile)
Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | yelp | < yelp 2.22.1-4 (bookworm) | yelp 2.22.1-4 (bookworm) |
| gnome | gnome | | |
| gnome | gnome | | |
| gnome | yelp | < 2.24 | 2.24 |
| gnome | yelp | >= 0 < 2.22.1-4 | 2.22.1-4 |
| gnome | yelp | >= 0 < 2.22.1-4 | 2.22.1-4 |
| gnome | yelp | >= 0 < 2.22.1-4 | 2.22.1-4 |
| gnome | yelp | >= 0 < 2.22.1-4 | 2.22.1-4 |

Detection & IOCs (extracted from sources)

path: yelp-window.c
  • Monitor yelp process invocations where the URI argument contains printf-style format specifiers (e.g., %08x, %x, %n). These are the attack payload patterns demonstrated in the wild.
  • Watch for yelp being launched via man:// or ghelp:// URI handlers from browser or email client processes (Firefox, Evolution), as these are the demonstrated delivery vectors.
  • The vulnerable code path is the window_error function in yelp-window.c. On Fedora 9+, glibc detects the format string abuse and triggers a controlled application shutdown — a crash/abort of yelp can itself be an indicator of an exploitation attempt.
  • Affected yelp versions are strictly after 2.19.90 and before 2.24. Red Hat Enterprise Linux 3, 4, and 5 ship versions outside this range and are NOT affected.
  • On Fedora 9 and later, glibc's format-string protection limits the impact to a denial-of-service (crash) rather than arbitrary code execution. Fedora 8 is the primary code-execution risk among Fedora releases.
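
One way to implement the first two monitoring points above, as an added example (not code from the advisory or from the yelp project). The event shape (`parent`, `argv`) and the sample events are constructed assumptions, and the percent-escape filter is a heuristic that trades some misses for fewer false positives on legitimately URL-encoded help URIs.

```python
import re
from os.path import basename

# printf conversion: %[n$][flags][width][.precision][length]conv
SPEC = re.compile(
    r"%(?:\d+\$)?[-+ #0]*\d*(?:\.\d+)?(?:hh|h|ll|l|j|z|t|L)?[diouxXeEfgGaAcspn]")
HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")
HANDLER_PARENTS = {"firefox", "evolution"}  # delivery vectors named in the advisory
SCHEMES = ("man:", "ghelp:")                # URI handlers named in the advisory

def format_specifiers(arg):
    """Return printf-style specifiers in arg that are not plausible URL escapes."""
    hits = []
    for m in SPEC.finditer(arg):
        esc = arg[m.start() + 1:m.start() + 3]
        # %20, %2d, %c3 ... are ordinary percent-encoding (a space, a dash, a
        # UTF-8 byte). Escapes for control bytes such as %08 are not expected
        # in a help URI, so %08x is still reported.
        if HEX_PAIR.fullmatch(esc) and int(esc, 16) >= 0x20:
            continue
        hits.append(m.group(0))
    return hits

def triage(event):
    """event: {'parent': str, 'argv': [str, ...]} (assumed telemetry shape)."""
    argv = event["argv"]
    if not argv or basename(argv[0]) != "yelp":
        return None
    for arg in argv[1:]:
        specs = format_specifiers(arg)
        if specs:
            return {
                "uri": arg,
                "specifiers": specs,
                "handler_scheme": arg.lower().startswith(SCHEMES),
                "handler_parent": basename(event["parent"]).lower() in HANDLER_PARENTS,
            }
    return None

# Constructed sample events, not taken from real telemetry.
EVENTS = [
    {"parent": "/usr/bin/firefox", "argv": ["/usr/bin/yelp", "man:ls%08x%08x%n"]},
    {"parent": "/usr/bin/gnome-panel", "argv": ["yelp", "ghelp:user%20guide"]},
    {"parent": "/usr/bin/evolution", "argv": ["yelp", "ghelp:caf%c3%a9"]},
    {"parent": "/bin/bash", "argv": ["/usr/bin/man", "printf%s"]},
]

def alerts(events=EVENTS):
    return [a for a in map(triage, events) if a]
```

Only the first sample event alerts; pairing such an alert with a yelp abort shortly afterwards matches the glibc shutdown behaviour noted for Fedora 9 and later.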

CVSS provenance

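| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 10.0 | CRITICAL | |
| vendor_debian | | 10.0 | LOW | |
| vendor_redhat | | 10.0 | CRITICAL | |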