Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.6
CVSSv2

CVE-2005-1686

Published: 20/05/2005 Updated: 03/10/2018
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 265
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Subscribe to Gnome

Vulnerability Summary

Format string vulnerability in gedit 2.10.2 may allow malicious users to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.

Vulnerable Product Search on Vulmon Subscribe to Product

gnome gedit 2.10.2

Vendor Advisories

Red Hat: gedit security update
Synopsis gedit security update Type/Severity Security Advisory: Moderate Topic An updated gedit package that fixes a file name format string vulnerabilityis now availableThis update has been rated as having moderate security impact by the RedHat Security Response Team Description gEdit is ...
Ubuntu Security Notice: gedit vulnerability
A format string vulnerability has been discovered in gedit Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user ...
Debian Security Advisories: DSA-753-1 gedit -- format string
A format string vulnerability has been discovered in gedit, a light-weight text editor for GNOME, that may allow attackers to cause a denial of service (application crash) via a binary file with format string specifiers in the filename Since gedit supports opening files via "" URLs (through GNOME vfs) and other schemes, this might be a remo ...

Exploits

Exploit DB: Gedit 2.x - Filename Format String
source: wwwsecurityfocuscom/bid/13699/info gEdit is prone to a format-string vulnerability Exploitation may occur when the program is invoked with a filename that includes malicious format specifiers Attackers could exploit this issue to corrupt arbitrary regions of memory with attacker-supplied data, potentially resulting in the execu ...

References

NVD-CWE-Otherhttp://security.gentoo.org/glsa/glsa-200506-09.xmlhttp://www.redhat.com/support/errata/RHSA-2005-499.htmlhttp://www.debian.org/security/2005/dsa-753http://www.novell.com/linux/security/advisories/2005_36_sudo.htmlhttp://marc.info/?l=bugtraq&m=111661117701398&w=2https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9845https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1245https://usn.ubuntu.com/138-1/https://access.redhat.com/errata/RHSA-2005:499https://usn.ubuntu.com/138-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/25688/https://www.kb.cert.org/vuls/id/814557
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook