Security Flaw in GNU m4 Leading to Macro Expansion Issues
CVE-2008-1687

Currently unrated

Key Information:

Vendor
Gnu
Status
Vendor
CVE Published:
9 April 2008

Summary

The GNU m4 utility contains a security flaw due to improper handling of the maketemp and mkstemp functions, which do not properly quote their output during file creation. This oversight enables attackers to exploit the system using crafted inputs that trigger unintended macro expansions. As a result, it may lead to the creation of files with incorrect names, potentially causing unpredictable behaviors or further exploitation within context-sensitive environments.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.