Overview
gedit has a format string vulnerability in some error dialogs that can occur when a file is opened for editing.
Description
gedit is the official text editor of the GNOME desktop environment. gedit 2.10.2 has a format string error in some some error dialogs that can occur when a file is opened for editing. Some of the messages in these dialogs, which can contain the name of the file being opened, are interpreted as format strings. Versions prior to v2.10.2 may also be vulnerable. |
Impact
An attacker can execute arbitrary code if a user can be coerced to open a file with a particular name. |
Solution
Upgrade to gedit v2.10.3 or later. |
Vendor Information
814557
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://secunia.com/advisories/15454/
- http://www.securityfocus.com/bid/13699
- http://www.securityfocus.com/archive/1/401869
- http://www.securityfocus.com/archive/1/402048
- http://mail.gnome.org/archives/gnome-announce-list/2005-June/msg00006.html
- http://security.gentoo.org/glsa/glsa-200506-09.xml
- https://www.ubuntulinux.org/support/documentation/usn/usn-138-1
- http://rhn.redhat.com/errata/RHSA-2005-499.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:102
- http://securitytracker.com/alerts/2005/Jun/1014179.html
- http://www.debian.org/security/2005/dsa-753
- http://www.auscert.org.au/5269
Acknowledgements
This issue was discovered by jsk:exworm of www.0xbadexworm.org.
This document was written by Hal Burch.
Other Information
| CVE IDs: | CVE-2005-1686 |
| Severity Metric: | 0.97 |
| Date Public: | 2005-05-24 |
| Date First Published: | 2005-08-12 |
| Date Last Updated: | 2005-08-15 12:52 UTC |
| Document Revision: | 27 |