CVE-2007-2027

Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.
Configurations

Configuration 1 (hide)

cpe:2.3:a:elinks:elinks:0.11.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-04-13 18:19

Updated : 2024-02-04 17:13


NVD link : CVE-2007-2027

Mitre link : CVE-2007-2027

CVE.ORG link : CVE-2007-2027


JSON object : View

Products Affected

elinks

  • elinks
CWE
CWE-134

Use of Externally-Controlled Format String