Lucene search

K
cvelistRedhatCVELIST:CVE-2023-2491
HistoryMay 17, 2023 - 12:00 a.m.

CVE-2023-2491

2023-05-1700:00:00
CWE-77
redhat
www.cve.org
flaw
emacs
arbitrary command execution
org-mode code
ob-latex.el
security regression
red hat enterprise linux

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the “org-babel-execute:latex” function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "emacs",
    "versions": [
      {
        "version": "Affects emacs v26.1-9.el8 and emacs v27.2-8.el9, Fixed in emacs v26.1-10.el8_8.2 and emacs v27.2-8.el9_2.1",
        "status": "affected"
      }
    ]
  }
]