PT-2008-1096 · Gnome+2 · Ghelp+4

Aaron Grattafiori +1 · Published 2008-08-18 · Updated 2024-11-19 · CVE-2008-3533

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

yelp versions after 2.19.90 and before 2.24
yelp versions prior to 2.22.1-r2

Description

The issue allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line. This can be demonstrated by the use of yelp within man or ghelp URI handlers in various programs, including Firefox and Evolution. The vulnerability may lead to a violation of confidentiality, integrity, and availability of protected information and can be exploited remotely.

Recommendations

For yelp versions after 2.19.90 and before 2.24, update to version 2.24 or later. For yelp versions prior to 2.22.1-r2, update to version 2.22.1-r2 or later. As a temporary workaround, consider restricting the use of yelp within URI handlers until a patch is available.
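
An added illustration of the weakness class described above (not yelp's code and not part of the original advisory): a hypothetical error reporter that formats an invalid URI, in its vulnerable and fixed forms, plus a triage helper that counts the conversions printf would parse in a command-line argument. All function names and sample URIs are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* "Before" pattern (CWE-134): untrusted text is the format string. The pragmas
 * only keep this deliberate bug compiling under -Werror=format-security, the
 * build flag that catches this class. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int report_uri_vulnerable(char *out, size_t n, const char *uri)
{
    return snprintf(out, n, uri);
}
#pragma GCC diagnostic pop

/* "After" pattern: constant format string, URI passed only as data. */
int report_uri_fixed(char *out, size_t n, const char *uri)
{
    return snprintf(out, n, "%s", uri);
}

/* Triage helper: how many conversions would printf see in this argument? */
int count_conversions(const char *s)
{
    int count = 0;
    while ((s = strchr(s, '%')) != NULL) {
        s++;
        if (*s == '%') { s++; continue; }            /* "%%" is a literal % */
        s += strspn(s, "-+ #0");                      /* flags */
        s += strspn(s, "0123456789*");                /* width */
        if (*s == '.') { s++; s += strspn(s, "0123456789*"); } /* precision */
        s += strspn(s, "hlLqjzt");                    /* length modifiers */
        if (*s && strchr("diouxXeEfFgGaAcspn", *s)) { count++; s++; }
    }
    return count;
}

int main(void)
{
    char a[64], b[64];
    const char *uri = "ghelp:///100%%done";           /* constructed input */
    report_uri_vulnerable(a, sizeof a, uri);
    report_uri_fixed(b, sizeof b, uri);
    printf("vulnerable: %s\nfixed:      %s\n", a, b);
    printf("conversions in \"man:ls%%25x\": %d\n", count_conversions("man:ls%25x"));
    return 0;
}
```

A validly percent-encoded URI such as `man:ls%25x` still parses as one conversion, so the constant format string is the fix; filtering the input is not a substitute for it.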

Exploit

Fix

Use of Externally-Controlled Format String

Weakness Enumeration

Related Identifiers

BDU:2015-09351
CVE-2008-3533
DTSA-154-1

Affected Products

Evolution
Firefox
Ghelp
Man
Yelp