CyberSec.Space Logo
Back to CVE Browser

CVE-2017-14482

HIGH
8.8
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile43.25th
PublishedSep 14, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).

Affected Platforms (CPE)

πŸ“¦
Gnu

Emacs

<= 25.2
πŸ’»
Debian

Debian Linux

= 8.0

References & Advisories

πŸ”— http://www.debian.org/security/2017/dsa-3975
πŸ”— http://www.openwall.com/lists/oss-security/2017/09/11/1
πŸ”— https://access.redhat.com/errata/RHSA-2017:2771
πŸ”— https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350
πŸ”— https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
πŸ”— https://security.gentoo.org/glsa/201801-07
πŸ”— https://www.debian.org/security/2017/dsa-3970
πŸ”— https://www.gnu.org/software/emacs/index.html#Releases

Related Vulnerabilities

CVE-2007-610910.0

Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly ...

CVE-2012-00359.3

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows loca...

CVE-2021-470137.8

In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_se...

CVE-2021-473117.8

In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emac_remove adpt is netdev privat...