CVE-2004-2714

Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability.

Weakness

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Software

Name	Vendor	Start Version	End Version
Windowmaker	Windowmaker	0.20.1.3 (including)	0.20.1.3 (including)
Windowmaker	Windowmaker	0.52.2 (including)	0.52.2 (including)
Windowmaker	Windowmaker	0.53 (including)	0.53 (including)
Windowmaker	Windowmaker	0.60 (including)	0.60 (including)
Windowmaker	Windowmaker	0.60.0 (including)	0.60.0 (including)
Windowmaker	Windowmaker	0.61 (including)	0.61 (including)
Windowmaker	Windowmaker	0.61.1 (including)	0.61.1 (including)
Windowmaker	Windowmaker	0.62 (including)	0.62 (including)
Windowmaker	Windowmaker	0.62.1 (including)	0.62.1 (including)
Windowmaker	Windowmaker	0.63 (including)	0.63 (including)
Windowmaker	Windowmaker	0.63.1 (including)	0.63.1 (including)
Windowmaker	Windowmaker	0.64 (including)	0.64 (including)
Windowmaker	Windowmaker	0.65 (including)	0.65 (including)
Windowmaker	Windowmaker	0.65.1 (including)	0.65.1 (including)
Windowmaker	Windowmaker	0.80 (including)	0.80 (including)
Windowmaker	Windowmaker	0.80.2 (including)	0.80.2 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-2714
CWE	https://cwe.mitre.org/data/definitions/134.html

Use of Externally-Controlled Format String

Weakness

Affected Software

Potential Mitigations

References

CVE-2004-2714

Use of Externally-Controlled Format String

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References