CVE-2017-14482

Description

GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted Content-Type: text/enriched data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).

Risk Information

Base Score: 8.8 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 4.703

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2017-14482 are affected in GNU Emacs 25.2 | Windows
GNU Emacs editor (USN-3427-1) emacs24_24.3+1-2ubuntu1.1_i386.deb | Linux
GNU Emacs editor (USN-3428-1) emacs25_25.1+1-3ubuntu4.1_i386.deb | Linux
GNU Emacs editor (USN-3428-1) emacs25_25.1+1-3ubuntu4.1_amd64.deb | Linux
GNU Emacs editor (USN-3427-1) emacs24_24.3+1-2ubuntu1.1_amd64.deb | Linux
GNU Emacs editor (USN-3427-1) emacs24_24.5+1-6ubuntu1.1_i386.deb | Linux
GNU Emacs editor (USN-3427-1) emacs24_24.5+1-6ubuntu1.1_amd64.deb | Linux
Emacs security update (CESA-2017:2771) emacs-24.3-20.el7_4.x86_64.rpm | Linux
Emacs security update (CESA-2017:2771) emacs-el-24.3-20.el7_4.noarch.rpm | Linux
Emacs security update (CESA-2017:2771) emacs-nox-24.3-20.el7_4.x86_64.rpm | Linux
Emacs security update (CESA-2017:2771) emacs-common-24.3-20.el7_4.x86_64.rpm | Linux
Emacs security update (CESA-2017:2771) emacs-terminal-24.3-20.el7_4.noarch.rpm | Linux
Emacs security update (CESA-2017:2771) emacs-filesystem-24.3-20.el7_4.noarch.rpm | Linux
(RHSA-2017:2771) Important: emacs security update emacs-24.3-20.el7_4.x86_64.rpm | Linux
(RHSA-2017:2771) Important: emacs security update emacs-common-24.3-20.el7_4.x86_64.rpm | Linux
(RHSA-2017:2771) Important: emacs security update emacs-el-24.3-20.el7_4.noarch.rpm | Linux
(RHSA-2017:2771) Important: emacs security update emacs-filesystem-24.3-20.el7_4.noarch.rpm | Linux
(RHSA-2017:2771) Important: emacs security update emacs-nox-24.3-20.el7_4.x86_64.rpm | Linux
(RHSA-2017:2771) Important: emacs security update emacs-terminal-24.3-20.el7_4.noarch.rpm | Linux
SUSE-SU-2017:2529-1 (SUSE Linux Enterprise Desktop 12-SP2) emacs-24.3-25.3.1.x86_64.rpm | Linux
SUSE-SU-2017:2529-1 (SUSE Linux Enterprise Desktop 12-SP2) emacs-debuginfo-24.3-25.3.1.x86_64.rpm | Linux
SUSE-SU-2017:2529-1 (SUSE Linux Enterprise Desktop 12-SP2) emacs-debugsource-24.3-25.3.1.x86_64.rpm | Linux
SUSE-SU-2017:2529-1 (SUSE Linux Enterprise Server 12-SP2) emacs-el-24.3-25.3.1.noarch.rpm | Linux
SUSE-SU-2017:2529-1 (SUSE Linux Enterprise Desktop 12-SP2) emacs-info-24.3-25.3.1.noarch.rpm | Linux
SUSE-SU-2017:2529-1 (SUSE Linux Enterprise Server 12-SP2) emacs-nox-24.3-25.3.1.x86_64.rpm | Linux
SUSE-SU-2017:2529-1 (SUSE Linux Enterprise Server 12-SP2) emacs-nox-debuginfo-24.3-25.3.1.x86_64.rpm | Linux
SUSE-SU-2017:2529-1 (SUSE Linux Enterprise Desktop 12-SP2) emacs-x11-24.3-25.3.1.x86_64.rpm | Linux
SUSE-SU-2017:2529-1 (SUSE Linux Enterprise Desktop 12-SP2) emacs-x11-debuginfo-24.3-25.3.1.x86_64.rpm | Linux
SUSE-SU-2017:2529-1 (SUSE Linux Enterprise Desktop 12-SP2) etags-24.3-25.3.1.x86_64.rpm | Linux
SUSE-SU-2017:2529-1 (SUSE Linux Enterprise Desktop 12-SP2) etags-debuginfo-24.3-25.3.1.x86_64.rpm | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234