7 matches found
CVE-2024-30203
CVE-2024-30203 affects GNU Emacs prior to 29.3, where Gnus treats inline MIME contents as trusted. Public advisories from multiple sources (e.g., ALAS/ALAS2) recommend upgrading Emacs to a newer version (29.3 or later) to apply the fix. The issue is limited to Emacs/Gnus handling of inline MIME; ...
CVE-2024-30204
CVE-2024-30204 (Emacs) affects Emacs before 29.3, where LaTeX preview is enabled by default for e‑mail attachments, potentially enabling denial of service. Connected advisories from multiple vendors confirm the issue and recommend upgrading Emacs to a version including the fix (≥29.3). In practic...
CVE-2024-53920
In GNU Emacs (elisp-mode.el) prior to 30.1, invoking elisp-completion-at-point on untrusted Emacs Lisp can trigger unsafe Lisp macro expansion, enabling arbitrary code execution. This also occurs if on-the-fly diagnosis causes byte compilation of untrusted code. Root cause: unsafe macro expansion...
CVE-2024-30205
CVE-2024-30205 affects Emacs prior to 29.3 where Org mode trusts contents of remote files (Org mode before 9.6.23). CVSS indicates HIGH severity with LOCAL exploitability and USER INTERACTION required. Affected distributions document remediation via updating Emacs/Org-mode to fixed versions (e.g....
CVE-2024-39331
CVE-2024-39331 affects Emacs (Org Mode), where org-link-expand-abbrev can execute unsafe Elisp via a %(...) link abbrev. This occurs in Emacs before 29.4 and Org Mode before 9.7.5, due to evaluating unsafe functions (e.g., shell-command-to-string) during link expansion. The CVSS/impact in the pri...
CVE-2024-30202
CVE-2024-30202 (Emacs/Org Mode) : In Emacs versions before 29.3, turning on Org mode evaluates arbitrary Lisp code, enabling code execution in Org Mode before 9.6.23. This has been confirmed across multiple security advisories (e.g., Astra Linux, Gentoo GLSA, Debian tracking, AWS ALAS) as a vulne...
CVE-2007-6109
CVE-2007-6109 describes a stack-based buffer overflow in Emacs triggered by a large precision value in an integer format specifier to the format function, leading to denial of service (crash) and potentially other impacts. Concrete references in connected docs indicate the vulnerability affects E...