CVE-2017-14482

Published: Sep 14, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).

Vendor: n/a

Product: n/a

Versions: affected n/a

References

DSA-3975 (vendor-advisory, x_refsource_DEBIAN)
DSA-3970 (vendor-advisory, x_refsource_DEBIAN)
GLSA-201801-07 (vendor-advisory, x_refsource_GENTOO)
RHSA-2017:2771 (vendor-advisory, x_refsource_REDHAT)
