CVE-2007-2027

Severity CVSS v4.0:
Pending analysis
Type:
CWE-134 Format String Vulnerability
Publication date:
13/04/2007
Last modified:
09/04/2025

Description

Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:elinks:elinks:0.11.1:*:*:*:*:*:*:*