my original post was accidentally submitted to the patches section, Sorry if this ends up being a dup.
nedit 5.5 has a format string error in preferences.c.
fprintf(stderr, "Could not read additional preferences file: ");
This _should_ be
fprintf(stderr, "Could not read additional preferences file: %s\n",
This is crashable/exploitable (though there is little to nothing to be
gained by exploited it).
A demonstration of the crash is as simple as this:
nedit -import "%n"
Log in to post a comment.