CVE-2017-14482
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-14482
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14482.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-14482
- Related
- Published
- 2017-09-14T16:29:00Z
- Modified
- 2025-01-15T01:00:11.409643Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).
- References
-
- http://www.debian.org/security/2017/dsa-3975
- https://access.redhat.com/errata/RHSA-2017:2771
- https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350
- https://security.gentoo.org/glsa/201801-07
- https://www.debian.org/security/2017/dsa-3970
- https://www.gnu.org/software/emacs/index.html#Releases
- http://www.openwall.com/lists/oss-security/2017/09/11/1
- https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
Affected packages
Git / git.savannah.gnu.org/git/emacs.git
Affected ranges
- Type
- GIT
- Repo
- https://git.savannah.gnu.org/git/emacs.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
emacs-19.*
emacs-19.34
emacs-20.*
emacs-20.1
emacs-20.2
emacs-20.3
emacs-20.4
emacs-22.*
emacs-22.1
emacs-22.2
emacs-22.3
emacs-23.*
emacs-23.2
emacs-23.3
emacs-23.4
emacs-24.*
emacs-24.0.96
emacs-24.0.97
emacs-24.1
emacs-24.2
emacs-24.2.90
emacs-24.2.91
emacs-24.2.92
emacs-24.2.93
emacs-24.3
emacs-24.3-rc1
emacs-24.3.90
emacs-24.3.91
emacs-24.3.92
emacs-24.3.93
emacs-24.3.94
emacs-24.4
emacs-24.4-rc1
emacs-24.4.90
emacs-24.4.91
emacs-24.5
emacs-24.5-rc1
emacs-24.5-rc2
emacs-24.5-rc3
emacs-24.5-rc3-fixed
emacs-25.*
emacs-25.0.90
emacs-25.0.91
emacs-25.0.92
emacs-25.0.93
emacs-25.0.94
emacs-25.0.95
emacs-25.1
emacs-25.1-rc1
emacs-25.1-rc2
emacs-25.1.90
emacs-25.1.91
emacs-25.2
emacs-25.2-rc1
emacs-25.2-rc2
emacs-pretest-21.*
emacs-pretest-21.0.100
emacs-pretest-21.0.101
emacs-pretest-21.0.102
emacs-pretest-21.0.103
emacs-pretest-21.0.104
emacs-pretest-21.0.105
emacs-pretest-21.0.106
emacs-pretest-21.0.90
emacs-pretest-21.0.91
emacs-pretest-21.0.92
emacs-pretest-21.0.93
emacs-pretest-21.0.95
emacs-pretest-21.0.96
emacs-pretest-21.0.97
emacs-pretest-21.0.98
emacs-pretest-21.0.99
emacs-pretest-22.*
emacs-pretest-22.0.90
emacs-pretest-22.0.91
emacs-pretest-22.0.92
emacs-pretest-22.0.93
emacs-pretest-22.0.94
emacs-pretest-22.0.95
emacs-pretest-22.0.96
emacs-pretest-22.0.97
emacs-pretest-22.0.98
emacs-pretest-22.0.99
emacs-pretest-22.0.990
emacs-pretest-22.1.90
emacs-pretest-22.1.91
emacs-pretest-22.1.92
emacs-pretest-22.2.90
emacs-pretest-22.2.91
emacs-pretest-22.2.92
emacs-pretest-23.*
emacs-pretest-23.0.90
emacs-pretest-23.0.91
emacs-pretest-23.0.92
emacs-pretest-23.0.93
emacs-pretest-23.0.94
emacs-pretest-23.0.95
emacs-pretest-23.1.90
emacs-pretest-23.1.91
emacs-pretest-23.1.92
emacs-pretest-23.1.93
emacs-pretest-23.1.94
emacs-pretest-23.1.95
emacs-pretest-23.1.96
emacs-pretest-23.1.97
emacs-pretest-23.2.90
emacs-pretest-23.2.91
emacs-pretest-23.2.92
emacs-pretest-23.2.93
emacs-pretest-23.2.93.1
emacs-pretest-23.2.94
emacs-pretest-23.3.90
emacs-pretest-24.*
emacs-pretest-24.0.05
emacs-pretest-24.0.90
emacs-pretest-24.0.91
emacs-pretest-24.0.92
emacs-pretest-24.0.93
emacs-pretest-24.0.94
emacs-pretest-24.0.95
mh-e-8.*
mh-e-8.0
mh-e-8.0.1
mh-e-8.0.2
mh-e-8.0.3
mh-e-8.1
mh-e-8.2
mh-e-8.2.90
mh-e-8.2.91
mh-e-8.2.92
mh-e-8.2.93
mh-e-8.3
mh-e-8.3.1
mh-e-8.4
mh-e-8.5
mh-e-8.6
mh-e-doc-8.*
mh-e-doc-8.0
mh-e-doc-8.0.1
mh-e-doc-8.0.3
mh-e-doc-8.1
mh-e-doc-8.2
mh-e-doc-8.3
mh-e-doc-8.4
mh-e-doc-8.5
Other
ttn-vms-21-2-B4