Arnaud Giersch

**Name of the Vulnerable Software and Affected Versions** Elinks version 0.11.1 **Description** The issue is related to an untrusted search path vulnerability in the add filename to string function. This allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory. The vulnerability can be leveraged to conduct format string attacks. **Recommendations** For Elinks version 0.11.1, consider restricting access to the `add filename to string` function in `intl/gettext/loadmsgcat.c` until a patch is available. Avoid using untrusted gettext message catalogs (.po files) in "../po" directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.