返回 CVE 浏览器

CVE-2017-14482

HIGH

8.8

CVSS Severity Score

EPSS Score0.1650%

EPSS Percentile43.25th

Published2017年9月14日

Last Modified2026年5月13日

Vulnerability Description

GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).

Affected Platforms (CPE)

📦

Gnu

Emacs

<= 25.2

💻

Debian

Debian Linux

= 8.0

References & Advisories

🔗 http://www.debian.org/security/2017/dsa-3975

🔗 http://www.openwall.com/lists/oss-security/2017/09/11/1

🔗 https://access.redhat.com/errata/RHSA-2017:2771

🔗 https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350

🔗 https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70

🔗 https://security.gentoo.org/glsa/201801-07

🔗 https://www.debian.org/security/2017/dsa-3970

🔗 https://www.gnu.org/software/emacs/index.html#Releases

相关漏洞威胁

CVE-2007-610910.0

Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly ...

CVE-2012-00359.3

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows loca...

CVE-2021-470137.8

In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_se...

CVE-2021-473117.8

In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emac_remove adpt is netdev privat...