Arbitrary Code Execution Vulnerability in GNU m4 by the GNU Project
CVE-2008-1688

Currently unrated

Key Information:

Vendor
Gnu
Status
Vendor
CVE Published:
9 April 2008

Summary

An unspecified vulnerability exists in GNU m4 versions prior to 1.4.11, which may allow context-dependent attackers to execute arbitrary code. This issue is primarily associated with improper handling of filenames when using the -F option. As a result, it can potentially lead to unauthorized access or control over affected systems. The exact circumstances under which this vulnerability passes privilege boundaries remain unclear, highlighting the need for caution and prompt updates.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.