{"api_version":"1","generated_at":"2026-07-03T15:52:15+00:00","cve":"CVE-2008-3533","urls":{"html":"https://cve.report/CVE-2008-3533","api":"https://cve.report/api/cve/CVE-2008-3533.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-3533","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-3533"},"summary":{"title":"CVE-2008-3533","description":"Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.","state":"PUBLISHED","assigner":"canonical","published_at":"2008-08-18 17:41:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-134","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://bugzilla.gnome.org/show_bug.cgi?id=546364","name":"http://bugzilla.gnome.org/show_bug.cgi?id=546364","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch"],"title":"Bug 546364 – yelp format string vulnerabilty","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html","name":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 8 Update: yelp-2.20.0-12.fc8","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/30690","name":"http://www.securityfocus.com/bid/30690","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"Yelp Invalid URI Format String Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2008/2393","name":"http://www.vupen.com/english/advisories/2008/2393","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31620","name":"http://secunia.com/advisories/31620","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Ubuntu update for yelp - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31465","name":"http://secunia.com/advisories/31465","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Yelp Invalid URI Format String Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/32629","name":"http://secunia.com/advisories/32629","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"SUSE update for yelp - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44449","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44449","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["VDB Entry"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/usn-638-1","name":"http://www.ubuntu.com/usn/usn-638-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"USN-638-1: Yelp vulnerability | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860","name":"https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"Bug #254860 “format string vulnerabilty” : Bugs : yelp package : Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:175","name":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:175","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"],"title":"Support / Security / Advisories /  / MDVSA-2008:175 | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31834","name":"http://secunia.com/advisories/31834","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Fedora update for yelp - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://bugzilla.gnome.org/attachment.cgi?id=115890","name":"http://bugzilla.gnome.org/attachment.cgi?id=115890","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking"],"title":"","mime":"text/x-diff","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html","name":"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"],"title":"[security-announce] SUSE Security Summary Report: SUSE-SR:2008:024","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-3533","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3533","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"3533","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnome","cpe5":"gnome","cpe6":"2.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"3533","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnome","cpe5":"gnome","cpe6":"2.22","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"3533","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnome","cpe5":"yelp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[{"cvename":"CVE-2008-3533","organization":"Red Hat","lastmodified":"2008-08-19","contributor":"Joshua Bressers","statementText":"This issue does not affect the versions of the yelp package, as shipped with Red Hat Enterprise Linux 3, 4 and 5.","cve_year":"2008","cve_id":"3533","crc32":"62466894"}],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T09:45:18.106Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://bugzilla.gnome.org/attachment.cgi?id=115890"},{"name":"31465","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31465"},{"name":"30690","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/30690"},{"name":"SUSE-SR:2008:024","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"},{"name":"31620","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31620"},{"name":"USN-638-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/usn-638-1"},{"name":"32629","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/32629"},{"name":"yelp-uri-format-string(44449)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44449"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860"},{"name":"31834","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31834"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://bugzilla.gnome.org/show_bug.cgi?id=546364"},{"name":"ADV-2008-2393","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/2393"},{"name":"FEDORA-2008-7293","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html"},{"name":"MDVSA-2008:175","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:175"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-08-13T00:00:00.000Z","descriptions":[{"lang":"en","value":"Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-07T12:57:01.000Z","orgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","shortName":"canonical"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://bugzilla.gnome.org/attachment.cgi?id=115890"},{"name":"31465","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31465"},{"name":"30690","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/30690"},{"name":"SUSE-SR:2008:024","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"},{"name":"31620","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31620"},{"name":"USN-638-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/usn-638-1"},{"name":"32629","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/32629"},{"name":"yelp-uri-format-string(44449)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44449"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860"},{"name":"31834","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31834"},{"tags":["x_refsource_CONFIRM"],"url":"http://bugzilla.gnome.org/show_bug.cgi?id=546364"},{"name":"ADV-2008-2393","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/2393"},{"name":"FEDORA-2008-7293","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html"},{"name":"MDVSA-2008:175","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:175"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@ubuntu.com","ID":"CVE-2008-3533","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://bugzilla.gnome.org/attachment.cgi?id=115890","refsource":"CONFIRM","url":"http://bugzilla.gnome.org/attachment.cgi?id=115890"},{"name":"31465","refsource":"SECUNIA","url":"http://secunia.com/advisories/31465"},{"name":"30690","refsource":"BID","url":"http://www.securityfocus.com/bid/30690"},{"name":"SUSE-SR:2008:024","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"},{"name":"31620","refsource":"SECUNIA","url":"http://secunia.com/advisories/31620"},{"name":"USN-638-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/usn-638-1"},{"name":"32629","refsource":"SECUNIA","url":"http://secunia.com/advisories/32629"},{"name":"yelp-uri-format-string(44449)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44449"},{"name":"https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860","refsource":"CONFIRM","url":"https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860"},{"name":"31834","refsource":"SECUNIA","url":"http://secunia.com/advisories/31834"},{"name":"http://bugzilla.gnome.org/show_bug.cgi?id=546364","refsource":"CONFIRM","url":"http://bugzilla.gnome.org/show_bug.cgi?id=546364"},{"name":"ADV-2008-2393","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/2393"},{"name":"FEDORA-2008-7293","refsource":"FEDORA","url":"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html"},{"name":"MDVSA-2008:175","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2008:175"}]}}}},"cveMetadata":{"assignerOrgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","assignerShortName":"canonical","cveId":"CVE-2008-3533","datePublished":"2008-08-18T17:15:00.000Z","dateReserved":"2008-08-07T00:00:00.000Z","dateUpdated":"2024-08-07T09:45:18.106Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-08-18 17:41:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-134","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnome:yelp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.24","matchCriteriaId":"7BB1D4D2-4900-45B5-BAB7-84A6EBFC0C49"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnome:gnome:2.20:*:*:*:*:*:*:*","matchCriteriaId":"B99DE8F3-3B18-4A57-9E28-849A81884256"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnome:gnome:2.22:*:*:*:*:*:*:*","matchCriteriaId":"BCF0421C-DC15-4ED7-8F21-B92974D09E82"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"3533","Ordinal":"1","Title":"CVE-2008-3533","CVE":"CVE-2008-3533","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"3533","Ordinal":"1","NoteData":"Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.","Type":"Description","Title":"CVE-2008-3533"},{"CveYear":"2008","CveId":"3533","Ordinal":"2","NoteData":"2008-08-18","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"3533","Ordinal":"3","NoteData":"2017-08-07","Type":"Other","Title":"Modified"}]}}}