CVE-2005-1686

CVE-2005-1686 is a low-severity vulnerability in Gnome Gedit with a CVSS 2.0 base score of 2.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.

Key facts

Description

Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.

Frequently asked questions

What is CVE-2005-1686?
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
How severe is CVE-2005-1686?
CVE-2005-1686 has a CVSS 2.0 base score of 2.6, rated low severity.
Is CVE-2005-1686 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 8% (94th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2005-1686?
CVE-2005-1686 affects Gnome Gedit. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2005-1686?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2005-1686 published?
CVE-2005-1686 was published on 2005-05-20 and last updated on 2026-06-16.

References

Affected products (1)

More vulnerabilities in Gnome Gedit

All CVEs affecting Gnome Gedit →