Arbitrary Code Execution Vulnerability in GNU m4 by the GNU Project
CVE-2008-1688

Currently unrated

Key Information:

Vendor: Gnu
Status: M4
Vendor: CVE Published:; 9 April 2008

Summary

An unspecified vulnerability exists in GNU m4 versions prior to 1.4.11, which may allow context-dependent attackers to execute arbitrary code. This issue is primarily associated with improper handling of filenames when using the -F option. As a result, it can potentially lead to unauthorized access or control over affected systems. The exact circumstances under which this vulnerability passes privilege boundaries remain unclear, highlighting the need for caution and prompt updates.

References

http://www.vupen.com/english/advisories/2008/1151/references

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/41704

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/28688

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Apr 9, 2008
Vulnerability Reserved
Apr 6, 2008