Emacs
by GNU
CVEs (33)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14482 | | High | 0.58 | 8.8 | 0.04 | | Sep 14, 2017 | GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in… |
| CVE-2025-1244 | | High | 0.57 | 8.8 | 0.03 | | Feb 12, 2025 | A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a… |
| CVE-2014-9483 | | High | 0.49 | 7.5 | 0.03 | | Aug 28, 2017 | Emacs 24.4 allows remote attackers to bypass security restrictions. |
| CVE-2026-6861 | | Medium | 0.40 | 6.1 | 0.00 | | Apr 22, 2026 | A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file,… |
| CVE-2017-1000383 | | Medium | 0.36 | 5.5 | 0.00 | | Oct 31, 2017 | GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~"), resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. |
| CVE-2007-5795 | | | 0.03 | — | 0.01 | | Nov 2, 2007 | The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a… |
| CVE-2003-1232 | | | 0.03 | — | 0.03 | | Dec 31, 2003 | Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable. |
| CVE-2024-53920 | | | 0.00 | — | 0.01 | | Nov 27, 2024 | In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs… |
| CVE-2024-39331 | | | 0.00 | — | 0.01 | | Jun 23, 2024 | In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5. |
| CVE-2024-30203 | | | 0.00 | — | 0.01 | | Mar 25, 2024 | In Emacs before 29.3, Gnus treats inline MIME contents as trusted. |
| CVE-2023-27985 | | | 0.00 | — | 0.01 | | Mar 9, 2023 | emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90. |
| CVE-2023-27986 | | | 0.00 | — | 0.00 | | Mar 9, 2023 | emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90. |
| CVE-2022-48339 | | | 0.00 | — | 0.01 | | Feb 20, 2023 | An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name… |
| CVE-2022-48337 | | | 0.00 | — | 0.02 | | Feb 20, 2023 | GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command… |
| CVE-2022-48338 | | | 0.00 | — | 0.02 | | Feb 20, 2023 | An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command… |
| CVE-2022-45939 | | | 0.00 | — | 0.01 | | Nov 28, 2022 | GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command… |
| CVE-2014-3424 | | | 0.00 | — | 0.00 | | May 8, 2014 | lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. |
| CVE-2014-3423 | | | 0.00 | — | 0.00 | | May 8, 2014 | lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. |
| CVE-2014-3422 | | | 0.00 | — | 0.00 | | May 8, 2014 | lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. |
| CVE-2014-3421 | | | 0.00 | — | 0.00 | | May 8, 2014 | lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. |
Page 1 of 2