Arbitrary Code Execution Vulnerability in GNU m4 by the GNU Project
CVE-2008-1688
Currently unrated
Summary
An unspecified vulnerability exists in GNU m4 versions prior to 1.4.11, which may allow context-dependent attackers to execute arbitrary code. This issue is primarily associated with improper handling of filenames when using the -F option. As a result, it can potentially lead to unauthorized access or control over affected systems. The exact circumstances under which this vulnerability passes privilege boundaries remain unclear, highlighting the need for caution and prompt updates.
References
Timeline
Vulnerability published
Vulnerability Reserved