35 matches found
CVE-2024-30203
CVE-2024-30203 affects GNU Emacs prior to 29.3, where Gnus treats inline MIME contents as trusted. Public advisories from multiple sources (e.g., ALAS/ALAS2) recommend upgrading Emacs to a newer version (29.3 or later) to apply the fix. The issue is limited to Emacs/Gnus handling of inline MIME; ...
CVE-2022-48339
GNU Emacs (through 28.2) contains a command injection flaw in htmlfontify.el (hfy-istext-command) where file/srcdir parameters come from external input and are not escaped, allowing code execution if shell metacharacters are present. Connected advisories confirm CVE-2022-48339 and related CVEs (e...
CVE-2017-14482
GNU Emacs contains a command injection vulnerability in the enriched mode handling (CVE-2017-14482). The issue arises when rendering text/enriched MIME data in emails/news; a crafted message can cause arbitrary commands to execute with the privileges of the Emacs process. Exploitation requires th...
CVE-2022-45939
The CVE-2022-45939 issue affects GNU Emacs up to version 28.2. The root cause is in lib-src/etags.c using the system() C library call to invoke the external ctags/etags binary, enabling local command execution when file names contain shell metacharacters (example: using commands like ctags *) in ...
CVE-2022-48337
CVE-2022-48337 affects GNU Emacs up to 28.2. The issue arises from the etags implementation in lib-src/etags.c, which uses the system C library function and does not sanitize input, enabling command execution via shell metacharacters in source-file names (for example, using etags -u * in a direct...
CVE-2023-2491
The CVE-2023-2491 entry covers a local-privilege style flaw in GNU Emacs affecting org-babel-execute:latex in ob-latex.el (Org Mode). Attackers could trigger arbitrary command execution via specially crafted file/directory names containing shell metacharacters, stemming from a security regression...
CVE-2024-30204
CVE-2024-30204 (Emacs) affects Emacs before 29.3, where LaTeX preview is enabled by default for e‑mail attachments, potentially enabling denial of service. Connected advisories from multiple vendors confirm the issue and recommend upgrading Emacs to a version including the fix (≥29.3). In practic...
CVE-2024-30205
CVE-2024-30205 affects Emacs prior to 29.3 where Org mode trusts contents of remote files (Org mode before 9.6.23). CVSS indicates HIGH severity with LOCAL exploitability and USER INTERACTION required. Affected distributions document remediation via updating Emacs/Org-mode to fixed versions (e.g....
CVE-2024-53920
In GNU Emacs (elisp-mode.el) prior to 30.1, invoking elisp-completion-at-point on untrusted Emacs Lisp can trigger unsafe Lisp macro expansion, enabling arbitrary code execution. This also occurs if on-the-fly diagnosis causes byte compilation of untrusted code. Root cause: unsafe macro expansion...
CVE-2024-39331
CVE-2024-39331 affects Emacs (Org Mode), where org-link-expand-abbrev can execute unsafe Elisp via a %(...) link abbrev. This occurs in Emacs before 29.4 and Org Mode before 9.7.5, due to evaluating unsafe functions (e.g., shell-command-to-string) during link expansion. The CVSS/impact in the pri...
CVE-2022-48338
CVE-2022-48338 affects GNU Emacs up to version 28.2, via ruby-mode.el’s function ruby-find-library-file . The vulnerability is a local command injection: the function is interactive and calls external command gem through shell-command-to-string without escaping feature-name parameters, enabling a...
CVE-2024-30202
CVE-2024-30202 (Emacs/Org Mode) : In Emacs versions before 29.3, turning on Org mode evaluates arbitrary Lisp code, enabling code execution in Org Mode before 9.6.23. This has been confirmed across multiple security advisories (e.g., Astra Linux, Gentoo GLSA, Debian tracking, AWS ALAS) as a vulne...
CVE-2023-27986
CVE-2023-27986 affects Emacs 28.1–28.2, where emacsclient-mail.desktop can be exploited via a crafted mailto: URI containing unescaped double-quote characters to trigger Emacs Lisp code injection. The fixed version is 29.0.90. CVSS v3.1 (NVD) indicates a High impact with local attack vector and u...
CVE-2014-3422
CVE-2014-3422 affects GNU Emacs 24.3 and earlier. The vulnerability allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. Public documents (OpenVAS/Nessus/EulerOS advisories) confirm the existence and nature of the issue but do not specify a ve...
CVE-2023-27985
CVE-2023-27985 affects Emacs up to version 28.2, specifically emacsclient-mail.desktop, where a crafted mailto: URI enables shell command injections due to Desktop Entry Specification noncompliance. The issue is documented as fixed in Emacs 29.0.90. Affected products/versions inferred from multip...
CVE-2014-3421
CVE-2014-3421 affects GNU Emacs 24.3 and earlier. The vulnerability is in lisp/gnus/gnus-fun.el, enabling local users to overwrite arbitrary files via a symlink attack on /tmp/gnus.face.ppm. Connected sources (EMACS advisories) confirm the affected versions and the symlink-based overwrite vector;...
CVE-2007-6109
CVE-2007-6109 describes a stack-based buffer overflow in Emacs triggered by a large precision value in an integer format specifier to the format function, leading to denial of service (crash) and potentially other impacts. Concrete references in connected docs indicate the vulnerability affects E...
CVE-2014-3423
CVE-2014-3423 affects GNU Emacs 24.3 and earlier, where lisp/net/browse-url.el allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic temporary file. The connected sources confirm this local-privilege issue and describe the exact path and file involved, but do not p...
CVE-2005-0100
The CVE-2005-0100 entry documents a format-string vulnerability in movemail used by Emacs (20.x, 21.3 and possibly other versions) and XEmacs up to 21.4, enabling remote code execution via crafted POP3 packets. Affected components: movemail utility within Emacs/XEmacs; root cause: unsafe handling...
CVE-2007-5795
The CVE-2007-5795 issue affects Emacs 22 prior to 22.2 where the hack-local-variables handling, when enable-local-variables is set to :safe, fails to properly search unsafe variable lists. This can allow a user-assisted attacker to modify critical program variables via a Local variables declarati...
CVE-2010-0825
CVE-2010-0825 affects movemail in emacs 22 and 23. The vulnerability arises in lib-src/movemail.c, where a symlink attack combined with improper file-permission checks lets a local user read, modify, or delete arbitrary mailbox files. The issue is documented across multiple advisories (Mandriva M...
CVE-2017-1000383
CVE-2017-1000383 affects GNU Emacs (notably version 25.3.1) and possibly other versions. The vulnerability stems from Emacs creating backup save files ("[ORIGINAL_FILENAME]~") without honoring the process umask, which can result in backup files being world-readable or otherwise exposed beyond the...
CVE-2008-1694
CVE-2008-1694 concerns the vcdiff component in Emacs versions 20.7 through 22.1.50 when used with SCCS. The underlying issue is insecure handling of temporary files in the vcdiff script, enabling a local attacker to overwrite arbitrary files via a symlink race condition. Public advisories confirm...
CVE-2012-3479
CVE-2012-3479 affects GNU Emacs up to version 24.1, where lisp/files.el can trigger eval forms in local-variable sections when enable-local-variables is set to :safe. This permits a remote attacker-curated file to execute arbitrary Emacs Lisp code. Multiple advisories and NASL/Gentoo/OpenVAS entr...
CVE-2008-2142
CVE-2008-2142 : Emacs 21 and XEmacs automatically load and execute .flc (fast-lock) files linked to edited files, enabling user-assisted attackers to execute arbitrary code. Affected components include Emacs/XEmacs; impact involves arbitrary code execution. Public advisories note patches from var...
CVE-2014-3424
CVE-2014-3424 affects GNU Emacs 24.3 and earlier. The vulnerability is in lisp/net/tramp-sh.el, where a symlink attack on a /tmp/tramp-XXXXX temporary file allows a local user to overwrite arbitrary files. CVSSv2 from NVD shows base score 3.3 (AV:L, AC:M, I:P, A:P; no confidentiality impact). Con...
CVE-2003-1232
CVE-2003-1232 Details: Emacs 21.2.1 executes Lisp code found in the local variables section of a text file without prompting the user, enabling a user-assisted attacker to run arbitrary commands via the mode-name variable. The connected sources (NVD, SUSE, CVE records) corroborate this behavior a...
CVE-2007-2833
CVE-2007-2833 affects GNU Emacs 21; user-assisted attackers could crash Emacs by crafting GIF images in VM mode due to an image-size calculation issue. Mitigations are available via vendor advisories (Debian DSA-1316-1, Ubuntu USN-504-1, SUSE patches, Mandriva MDKSA-2007:133, etc.). OpenVAS/Red H...
CVE-2012-0035
CVE-2012-0035 is an untrusted search path vulnerability in EDE (CEDET) that allows a local user to escalate privileges by crafting a Project.ede file loaded from a project directory. The issue affects CEDET’s EDE in Emacs contexts (notably Emacs 23.x with CEDET before 1.0.1); analysis from Gentoo...
CVE-2000-0269
CVE-2000-0269 : Emacs 20 does not properly set permissions for a slave PTY when starting a new subprocess, allowing local users to read or modify communications between Emacs and the subprocess. Root cause: incorrect PTY permissions handling. Impact: partial confidentiality (read/modify communica...
CVE-2001-1301
Technical details about CVE-2001-1301 are not publicly provided in the connected documents. The supplied materials only reiterate the generic symlink-attack description; monitor for updates.
CVE-2000-0271
In CVE-2000-0271, Emacs 20’s read-passwd and related Lisp functions do not properly clear the history of recently typed keys. This can allow an attacker to read unencrypted passwords stored in the command history. The issue is rooted in the Lisp password/history handling within Emacs 20. The prov...
CVE-2014-9483
Technical details for CVE-2014-9483 are not publicly provided in the supplied documents. The entries mention Emacs 24.4 and a generic bypass of security restrictions. Monitor for updates from vendors and security advisories.
CVE-2000-0270
The CVE affects Emacs 20’s make-temp-name Lisp function, which creates temporary files with predictable names, enabling a symlink attack. This is described by CVE-2000-0270 in NVD; connected sources note the same vulnerability. The available documents do not specify a patch version or workaround....
CVE-2026-6861
A CVE-2026-6861 vulnerability affects GNU Emacs and relates to memory corruption when Emacs processes specially crafted SVG CSS data. A local attacker could entice a user to open a malicious SVG file, which may lead to a denial of service or information disclosure. Public references in the connec...