CVE Vulnerabilities

CVE-2017-14482

Published: Sep 14, 2017 | Modified: Nov 21, 2024
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
8.1 IMPORTANT
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM

GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted Content-Type: text/enriched data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).

Affected Software

Name Vendor Start Version End Version
Emacs Gnu * 25.2 (including)
Red Hat Enterprise Linux 7 RedHat emacs-1:24.3-20.el7_4 *
Emacs23 Ubuntu trusty *
Emacs24 Ubuntu trusty *
Emacs24 Ubuntu xenial *
Emacs24 Ubuntu zesty *
Emacs25 Ubuntu upstream *
Emacs25 Ubuntu zesty *

References