CVE-2007-6109

2007-12-0700:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.012

Percentile

85.5%

JSON

Stack-based buffer overflow in emacs allows user-assisted attackers to
cause a denial of service (application crash) and possibly have unspecified
other impact via a large precision value in an integer format string
specifier to the format function, as demonstrated via a certain “emacs
-batch -eval” command line.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/emacs22/+bug/174177>

Notes

Author	Note
jdstrand	debian patch had regression. Also see http://bugs.debian.org/456235 per gentoo, xemacs21 21.4.x not affected, but 21.5 is. Verified all releases not affected

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchemacs21< 21.4a-3ubuntu2.2UNKNOWN
ubuntu7.04noarchemacs21< 21.4a+1-2ubuntu1.2UNKNOWN
ubuntu7.10noarchemacs21< 21.4a+1-5ubuntu4.1UNKNOWN
ubuntu8.04noarchemacs21< 21.4a+1-5.2UNKNOWN
ubuntu7.10noarchemacs22< 22.1-0ubuntu5.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	emacs21	< 21.4a-3ubuntu2.2	UNKNOWN
ubuntu	7.04	noarch	emacs21	< 21.4a+1-2ubuntu1.2	UNKNOWN
ubuntu	7.10	noarch	emacs21	< 21.4a+1-5ubuntu4.1	UNKNOWN
ubuntu	8.04	noarch	emacs21	< 21.4a+1-5.2	UNKNOWN
ubuntu	7.10	noarch	emacs22	< 22.1-0ubuntu5.2	UNKNOWN