rpm package
opensuse/emacs&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/emacs&distro=openSUSE%20Tumbleweed
Vulnerabilities (18)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-6861 | Med | 6.1 | < 30.2-8.1 | 30.2-8.1 | Apr 22, 2026 | A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which | |
| CVE-2025-1244 | Hig | 8.8 | < 29.4-14.1 | 29.4-14.1 | Feb 12, 2025 | A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a re | |
| CVE-2024-53920 | — | < 29.4-11.1 | 29.4-11.1 | Nov 27, 2024 | In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs | ||
| CVE-2024-39331 | — | < 29.4-2.1 | 29.4-2.1 | Jun 23, 2024 | In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5. | ||
| CVE-2023-27986 | — | < 28.2-3.1 | 28.2-3.1 | Mar 9, 2023 | emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90. | ||
| CVE-2023-27985 | — | < 28.2-3.1 | 28.2-3.1 | Mar 9, 2023 | emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90 | ||
| CVE-2022-48339 | — | < 28.2-2.1 | 28.2-2.1 | Feb 20, 2023 | An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains | ||
| CVE-2022-48338 | — | < 28.2-2.1 | 28.2-2.1 | Feb 20, 2023 | An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem | ||
| CVE-2022-48337 | — | < 28.2-2.1 | 28.2-2.1 | Feb 20, 2023 | GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (s | ||
| CVE-2022-45939 | — | < 28.2-1.1 | 28.2-1.1 | Nov 28, 2022 | GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (sugg | ||
| CVE-2014-9483 | Hig | 7.5 | < 25.1-1.1 | 25.1-1.1 | Aug 28, 2017 | Emacs 24.4 allows remote attackers to bypass security restrictions. | |
| CVE-2017-7476 | Cri | 9.8 | < 27.2-6.2 | 27.2-6.2 | May 2, 2017 | Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c. | |
| CVE-2014-3424 | — | < 25.1-1.1 | 25.1-1.1 | May 8, 2014 | lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. | ||
| CVE-2014-3423 | — | < 25.1-1.1 | 25.1-1.1 | May 8, 2014 | lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. | ||
| CVE-2014-3422 | — | < 25.1-1.1 | 25.1-1.1 | May 8, 2014 | lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. | ||
| CVE-2014-3421 | — | < 25.1-1.1 | 25.1-1.1 | May 8, 2014 | lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. | ||
| CVE-2012-0035 | — | < 25.1-1.1 | 25.1-1.1 | Jan 19, 2012 | Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. | ||
| CVE-2007-5795 | — | < 27.2-6.2 | 27.2-6.2 | Nov 2, 2007 | The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a |
- affected < 30.2-8.1fixed 30.2-8.1
A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which
- affected < 29.4-14.1fixed 29.4-14.1
A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a re
- CVE-2024-53920Nov 27, 2024affected < 29.4-11.1fixed 29.4-11.1
In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs
- CVE-2024-39331Jun 23, 2024affected < 29.4-2.1fixed 29.4-2.1
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5.
- CVE-2023-27986Mar 9, 2023affected < 28.2-3.1fixed 28.2-3.1
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.
- CVE-2023-27985Mar 9, 2023affected < 28.2-3.1fixed 28.2-3.1
emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90
- CVE-2022-48339Feb 20, 2023affected < 28.2-2.1fixed 28.2-2.1
An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains
- CVE-2022-48338Feb 20, 2023affected < 28.2-2.1fixed 28.2-2.1
An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem
- CVE-2022-48337Feb 20, 2023affected < 28.2-2.1fixed 28.2-2.1
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (s
- CVE-2022-45939Nov 28, 2022affected < 28.2-1.1fixed 28.2-1.1
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (sugg
- affected < 25.1-1.1fixed 25.1-1.1
Emacs 24.4 allows remote attackers to bypass security restrictions.
- affected < 27.2-6.2fixed 27.2-6.2
Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c.
- CVE-2014-3424May 8, 2014affected < 25.1-1.1fixed 25.1-1.1
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
- CVE-2014-3423May 8, 2014affected < 25.1-1.1fixed 25.1-1.1
lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
- CVE-2014-3422May 8, 2014affected < 25.1-1.1fixed 25.1-1.1
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
- CVE-2014-3421May 8, 2014affected < 25.1-1.1fixed 25.1-1.1
lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.
- CVE-2012-0035Jan 19, 2012affected < 25.1-1.1fixed 25.1-1.1
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
- CVE-2007-5795Nov 2, 2007affected < 27.2-6.2fixed 27.2-6.2
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a