Emacs
Sign in to watchby GNU
CVEs (21)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-14482 | Hig | 0.58 | 8.8 | 0.05 | Sep 14, 2017 | GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article). | |
| CVE-2014-9483 | Hig | 0.49 | 7.5 | 0.00 | Aug 28, 2017 | Emacs 24.4 allows remote attackers to bypass security restrictions. | |
| CVE-2026-6861 | Med | 0.40 | 6.1 | 0.00 | Apr 22, 2026 | A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial of service (DoS) or potentially information disclosure. | |
| CVE-2003-1232 | 0.04 | — | 0.07 | Dec 31, 2003 | Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable. | ||
| CVE-2007-5795 | 0.03 | — | 0.01 | Nov 2, 2007 | The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration. | ||
| CVE-2014-3424 | 0.00 | — | 0.00 | May 8, 2014 | lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. | ||
| CVE-2014-3423 | 0.00 | — | 0.00 | May 8, 2014 | lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. | ||
| CVE-2014-3422 | 0.00 | — | 0.00 | May 8, 2014 | lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. | ||
| CVE-2014-3421 | 0.00 | — | 0.00 | May 8, 2014 | lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. | ||
| CVE-2012-3479 | 0.00 | — | 0.02 | Aug 25, 2012 | lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file. | ||
| CVE-2012-0035 | 0.00 | — | 0.04 | Jan 19, 2012 | Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. | ||
| CVE-2010-0825 | 0.00 | — | 0.00 | Apr 5, 2010 | lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks. | ||
| CVE-2008-2142 | 0.00 | — | 0.03 | May 12, 2008 | Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code. | ||
| CVE-2008-1694 | 0.00 | — | 0.00 | Apr 22, 2008 | vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||
| CVE-2007-6109 | 0.00 | — | 0.03 | Dec 7, 2007 | Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line. | ||
| CVE-2007-2833 | 0.00 | — | 0.01 | Jun 21, 2007 | Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. | ||
| CVE-2005-0100 | 0.00 | — | 0.03 | Feb 7, 2005 | Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. | ||
| CVE-2001-1301 | 0.00 | — | 0.00 | Aug 7, 2001 | rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file. | ||
| CVE-2000-0271 | 0.00 | — | 0.00 | Apr 18, 2000 | read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords. | ||
| CVE-2000-0270 | 0.00 | — | 0.00 | Apr 18, 2000 | The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack. |