Security Flaw in GNU m4 Leading to Macro Expansion Issues
CVE-2008-1687
Currently unrated
Summary
The GNU m4 utility contains a security flaw due to improper handling of the maketemp and mkstemp functions, which do not properly quote their output during file creation. This oversight enables attackers to exploit the system using crafted inputs that trigger unintended macro expansions. As a result, it may lead to the creation of files with incorrect names, potentially causing unpredictable behaviors or further exploitation within context-sensitive environments.
References
Timeline
Vulnerability published
Vulnerability Reserved