CVE-2008-3971
EPSS 5.7%
Description
Heap-based buffer overflow in the open_man_file function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported using a configuration file, but that vector does not have a scenario that crosses privilege boundaries.
How to fix CVE-2008-3971
To remediate CVE-2008-3971, upgrade the affected package to the fixed version listed below.
- Debian/gmanedit: upgrade to 0.4.1-1.1 or later
Is CVE-2008-3971 being exploited?
Moderate: EPSS is 5.7%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- Debian/gmanedit: from 0, < 0.4.1-1.1